Package Instance

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-03-18.yaml

reference_url

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-03-18.yaml

reference_url

https://www.drupal.org/sa-core-2020-001

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-001

reference_url

https://github.com/advisories/GHSA-v273-j5hq-26xp

reference_id

GHSA-v273-j5hq-26xp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v273-j5hq-26xp

fixed_packages

url pkg:composer/drupal/core@8.8.4

purl pkg:composer/drupal/core@8.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4bym-pcfj-ykde

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-jp51-ftxv-4ud9

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-kufg-z717-b7hm

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-va7j-agmp-n3hs

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-vqgz-v922-vbh7

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.4

aliases GHSA-v273-j5hq-26xp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12yf-8sub-uyhb

url VCID-1d2m-3ycf-3ycf

vulnerability_id VCID-1d2m-3ycf-3ycf

summary Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13080

reference_id

reference_type

scores

value	0.00093
scoring_system	epss
scoring_elements	0.26289
published_at	2026-06-13T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26077
published_at	2026-06-11T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26277
published_at	2026-06-12T12:55:00Z

value	0.00124
scoring_system	epss
scoring_elements	0.31401
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13080

reference_url

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13080

reference_url

reference_id

CVE-2025-13080

reference_type

scores

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13080

reference_url

https://github.com/advisories/GHSA-83v7-c2cf-p9c2

reference_id

GHSA-83v7-c2cf-p9c2

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-83v7-c2cf-p9c2

reference_url

https://www.drupal.org/sa-core-2025-005

reference_id

sa-core-2025-005

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	2.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/

url

https://www.drupal.org/sa-core-2025-005

fixed_packages

url	pkg:composer/drupal/core@10.4.9
purl	pkg:composer/drupal/core@10.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9

url	pkg:composer/drupal/core@10.5.6
purl	pkg:composer/drupal/core@10.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6

url	pkg:composer/drupal/core@11.1.9
purl	pkg:composer/drupal/core@11.1.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9

url	pkg:composer/drupal/core@11.2.8
purl	pkg:composer/drupal/core@11.2.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8

aliases CVE-2025-13080, GHSA-83v7-c2cf-p9c2

risk_score 1.9

exploitability 0.5

weighted_severity 3.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1d2m-3ycf-3ycf

url VCID-1w42-v1sq-fkac

vulnerability_id VCID-1w42-v1sq-fkac

summary

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-55637

reference_id

reference_type

scores

value	0.09982
scoring_system	epss
scoring_elements	0.93233
published_at	2026-06-12T12:55:00Z

value	0.09982
scoring_system	epss
scoring_elements	0.93236
published_at	2026-06-14T12:55:00Z

value	0.09982
scoring_system	epss
scoring_elements	0.93211
published_at	2026-06-11T12:55:00Z

value	0.09982
scoring_system	epss
scoring_elements	0.93235
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-55637

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/1664030d399c73b4144f410f2ccc68c66a947f8d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-55637

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-55637

reference_url

https://github.com/advisories/GHSA-w6rx-9g2x-mg5g

reference_id

GHSA-w6rx-9g2x-mg5g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w6rx-9g2x-mg5g

reference_url

https://www.drupal.org/sa-core-2024-007

reference_id

sa-core-2024-007

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:20:25Z/

url

https://www.drupal.org/sa-core-2024-007

fixed_packages

url pkg:composer/drupal/core@10.2.11

purl pkg:composer/drupal/core@10.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11

url pkg:composer/drupal/core@10.3.9

purl pkg:composer/drupal/core@10.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9

url pkg:composer/drupal/core@11.0.8

purl pkg:composer/drupal/core@11.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8

aliases CVE-2024-55637, GHSA-w6rx-9g2x-mg5g

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1w42-v1sq-fkac

url VCID-227y-mp79-jydd

vulnerability_id VCID-227y-mp79-jydd

summary

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-55636

reference_id

reference_type

scores

value	0.11473
scoring_system	epss
scoring_elements	0.93793
published_at	2026-06-12T12:55:00Z

value	0.11473
scoring_system	epss
scoring_elements	0.938
published_at	2026-06-14T12:55:00Z

value	0.11473
scoring_system	epss
scoring_elements	0.93772
published_at	2026-06-11T12:55:00Z

value	0.11473
scoring_system	epss
scoring_elements	0.93797
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-55636

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/17f362b988e6ad6bd5cc1e7e8a7a0804e1536fbc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-55636

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-55636

reference_url

https://github.com/advisories/GHSA-938f-5r4f-h65v

reference_id

GHSA-938f-5r4f-h65v

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-938f-5r4f-h65v

reference_url

https://www.drupal.org/sa-core-2024-006

reference_id

sa-core-2024-006

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:21:16Z/

url

https://www.drupal.org/sa-core-2024-006

fixed_packages

url pkg:composer/drupal/core@10.2.11

purl pkg:composer/drupal/core@10.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11

url pkg:composer/drupal/core@10.3.9

purl pkg:composer/drupal/core@10.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9

url pkg:composer/drupal/core@11.0.8

purl pkg:composer/drupal/core@11.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8

aliases CVE-2024-55636, GHSA-938f-5r4f-h65v

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-227y-mp79-jydd

url VCID-26ck-rher-hfg4

vulnerability_id VCID-26ck-rher-hfg4

summary A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-55634

reference_id

reference_type

scores

value	0.01148
scoring_system	epss
scoring_elements	0.78971
published_at	2026-06-13T12:55:00Z

value	0.01148
scoring_system	epss
scoring_elements	0.78968
published_at	2026-06-14T12:55:00Z

value	0.01148
scoring_system	epss
scoring_elements	0.78888
published_at	2026-06-11T12:55:00Z

value	0.01148
scoring_system	epss
scoring_elements	0.78954
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-55634

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/7ae0e8f1824e15f8b2b06e4da09836250e85e934

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-55634

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-55634

reference_url

https://github.com/advisories/GHSA-7cwc-fjqm-8vh8

reference_id

GHSA-7cwc-fjqm-8vh8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7cwc-fjqm-8vh8

reference_url

https://www.drupal.org/sa-core-2024-004

reference_id

sa-core-2024-004

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-11T16:38:29Z/

url

https://www.drupal.org/sa-core-2024-004

fixed_packages

url pkg:composer/drupal/core@10.2.11

purl pkg:composer/drupal/core@10.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11

url pkg:composer/drupal/core@10.3.9

purl pkg:composer/drupal/core@10.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9

url pkg:composer/drupal/core@11.0.8

purl pkg:composer/drupal/core@11.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8

aliases CVE-2024-55634, GHSA-7cwc-fjqm-8vh8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26ck-rher-hfg4

url VCID-2wdn-8583-v3dg

vulnerability_id VCID-2wdn-8583-v3dg

summary Exposure of Resource to Wrong Sphere in Drupal Core

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13670

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62873
published_at	2026-06-12T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62771
published_at	2026-06-11T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62881
published_at	2026-06-14T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62885
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13670

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/f93a37b713b59f8d24e826bc74378099853eef3d

reference_url

https://www.drupal.org/sa-core-2020-011

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-011

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13670

reference_id

CVE-2020-13670

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13670

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml

reference_id

CVE-2020-13670.YAML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13670.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml

reference_id

CVE-2020-13670.YAML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13670.yaml

reference_url

https://github.com/advisories/GHSA-mmjr-5q74-p3m4

reference_id

GHSA-mmjr-5q74-p3m4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mmjr-5q74-p3m4

fixed_packages

url pkg:composer/drupal/core@8.8.10

purl pkg:composer/drupal/core@8.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10

url pkg:composer/drupal/core@8.9.6

purl pkg:composer/drupal/core@8.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6

url pkg:composer/drupal/core@9.0.6

purl pkg:composer/drupal/core@9.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6

aliases CVE-2020-13670, GHSA-mmjr-5q74-p3m4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2wdn-8583-v3dg

url VCID-4bym-pcfj-ykde

vulnerability_id VCID-4bym-pcfj-ykde

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13663

reference_id

reference_type

scores

value	0.00155
scoring_system	epss
scoring_elements	0.36222
published_at	2026-06-12T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36043
published_at	2026-06-11T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36234
published_at	2026-06-14T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36245
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13663

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/5f3c4d80fd77df0cfa87722b446db54040d55693

reference_url

https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/bc3235dcb5570bbda62ef9547e7604ee060b72c6

reference_url

https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/faf3243c4ce03bbaab386af2b272b363fd0dfddb

reference_url

https://www.drupal.org/sa-core-2020-004

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-004

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13663

reference_id

CVE-2020-13663

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13663

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml

reference_id

CVE-2020-13663.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13663.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml

reference_id

CVE-2020-13663.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13663.yaml

reference_url

https://github.com/advisories/GHSA-m648-hpf8-qcjw

reference_id

GHSA-m648-hpf8-qcjw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m648-hpf8-qcjw

fixed_packages

url pkg:composer/drupal/core@8.8.8

purl pkg:composer/drupal/core@8.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.8

url pkg:composer/drupal/core@8.9.1

purl pkg:composer/drupal/core@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.1

url pkg:composer/drupal/core@9.0.1

purl pkg:composer/drupal/core@9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.1

aliases CVE-2020-13663, GHSA-m648-hpf8-qcjw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4bym-pcfj-ykde

url VCID-4sqe-bvj6-pkdq

vulnerability_id VCID-4sqe-bvj6-pkdq

summary Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-31673

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32568
published_at	2026-06-12T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32565
published_at	2026-06-14T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32387
published_at	2026-06-11T12:55:00Z

value	0.00133
scoring_system	epss
scoring_elements	0.32589
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-31673

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31673

reference_url

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31673

reference_url

https://github.com/advisories/GHSA-wpp8-fjgf-pwc7

reference_id

GHSA-wpp8-fjgf-pwc7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpp8-fjgf-pwc7

reference_url

https://www.drupal.org/sa-core-2025-002

reference_id

sa-core-2025-002

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T15:47:04Z/

url

https://www.drupal.org/sa-core-2025-002

fixed_packages

url pkg:composer/drupal/core@10.3.13

purl pkg:composer/drupal/core@10.3.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13

url pkg:composer/drupal/core@10.4.3

purl pkg:composer/drupal/core@10.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3

url pkg:composer/drupal/core@11.0.12

purl pkg:composer/drupal/core@11.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12

url pkg:composer/drupal/core@11.1.3

purl pkg:composer/drupal/core@11.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3

aliases CVE-2025-31673, GHSA-wpp8-fjgf-pwc7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4sqe-bvj6-pkdq

url VCID-57k5-xdsf-h3ch

vulnerability_id VCID-57k5-xdsf-h3ch

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13674

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.3412
published_at	2026-06-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.33943
published_at	2026-06-11T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34123
published_at	2026-06-14T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34144
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13674

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/20cd85db8198c63101bd050ea973b13f2f3edef6

reference_url

https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/6359b3ea5aacf85399285c522c6d787a218c897c

reference_url

https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/801910fcdfc14ee6120051089a2129e455186ad8

reference_url

https://www.drupal.org/sa-core-2021-007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-007

reference_url

reference_id

AVG-2407

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13674

reference_url

reference_id

CVE-2020-13674

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13674

reference_url

https://github.com/advisories/GHSA-j586-cj67-vg4p

reference_id

GHSA-j586-cj67-vg4p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j586-cj67-vg4p

fixed_packages

url pkg:composer/drupal/core@8.9.19

purl pkg:composer/drupal/core@8.9.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19

url pkg:composer/drupal/core@9.1.13

purl pkg:composer/drupal/core@9.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13

url pkg:composer/drupal/core@9.2.6

purl pkg:composer/drupal/core@9.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sdue-15dg-4ugt

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-yjm8-gadp-jkhr

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6

aliases CVE-2020-13674, GHSA-j586-cj67-vg4p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57k5-xdsf-h3ch

url VCID-57nk-7ugd-vucf

vulnerability_id VCID-57nk-7ugd-vucf

summary Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13671

reference_id

reference_type

scores

value	0.02599
scoring_system	epss
scoring_elements	0.85987
published_at	2026-06-12T12:55:00Z

value	0.02599
scoring_system	epss
scoring_elements	0.8599
published_at	2026-06-14T12:55:00Z

value	0.02599
scoring_system	epss
scoring_elements	0.85997
published_at	2026-06-13T12:55:00Z

value	0.02599
scoring_system	epss
scoring_elements	0.85938
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13671

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13671.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13671.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13671

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13671

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13671

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_id

5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_url

https://github.com/advisories/GHSA-68jc-v27h-vhmw

reference_id

GHSA-68jc-v27h-vhmw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-68jc-v27h-vhmw

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_id

KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_url

https://www.drupal.org/sa-core-2020-012

reference_id

sa-core-2020-012

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:38:31Z/

url

https://www.drupal.org/sa-core-2020-012

reference_url	https://usn.ubuntu.com/6981-1/
reference_id	USN-6981-1
reference_type
scores
url	https://usn.ubuntu.com/6981-1/

reference_url	https://usn.ubuntu.com/6981-2/
reference_id	USN-6981-2
reference_type
scores
url	https://usn.ubuntu.com/6981-2/

fixed_packages

url pkg:composer/drupal/core@8.8.11

purl pkg:composer/drupal/core@8.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.11

url pkg:composer/drupal/core@8.9.9

purl pkg:composer/drupal/core@8.9.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.9

url pkg:composer/drupal/core@9.0.8

purl pkg:composer/drupal/core@9.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.8

aliases CVE-2020-13671, GHSA-68jc-v27h-vhmw

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57nk-7ugd-vucf

url VCID-6j4t-zjnf-fbd3

vulnerability_id VCID-6j4t-zjnf-fbd3

summary Drupal Core Cross-site scripting vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13666

reference_id

reference_type

scores

value	0.00509
scoring_system	epss
scoring_elements	0.66884
published_at	2026-06-12T12:55:00Z

value	0.00509
scoring_system	epss
scoring_elements	0.66791
published_at	2026-06-11T12:55:00Z

value	0.00509
scoring_system	epss
scoring_elements	0.66898
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13666

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-007

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-007

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13666

reference_id

CVE-2020-13666

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13666

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml

reference_id

CVE-2020-13666.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13666.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml

reference_id

CVE-2020-13666.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13666.yaml

reference_url

https://github.com/advisories/GHSA-8jj2-x2gc-ggm7

reference_id

GHSA-8jj2-x2gc-ggm7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8jj2-x2gc-ggm7

fixed_packages

url pkg:composer/drupal/core@8.8.10

purl pkg:composer/drupal/core@8.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10

url pkg:composer/drupal/core@8.9.6

purl pkg:composer/drupal/core@8.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6

url pkg:composer/drupal/core@9.0.6

purl pkg:composer/drupal/core@9.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6

aliases CVE-2020-13666, GHSA-8jj2-x2gc-ggm7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6j4t-zjnf-fbd3

url VCID-7r9b-pzqb-cqea

vulnerability_id VCID-7r9b-pzqb-cqea

summary Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28949.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28949

reference_id

reference_type

scores

value	0.93364
scoring_system	epss
scoring_elements	0.99824
published_at	2026-06-14T12:55:00Z

value	0.93364
scoring_system	epss
scoring_elements	0.99823
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28949

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/pear/archive_tar/CVE-2020-28949.yaml

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28949

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28949

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1910323
reference_id	1910323
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1910323

reference_url

https://security.gentoo.org/glsa/202101-23

reference_id

202101-23

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://security.gentoo.org/glsa/202101-23

reference_url

https://github.com/pear/Archive_Tar/issues/33

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://github.com/pear/Archive_Tar/issues/33

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

reference_id

42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/

reference_id

4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_id

5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id	976108
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108

reference_url

https://www.debian.org/security/2020/dsa-4817

reference_id

dsa-4817

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://www.debian.org/security/2020/dsa-4817

reference_url

https://github.com/advisories/GHSA-75c5-f4gw-38r9

reference_id

GHSA-75c5-f4gw-38r9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-75c5-f4gw-38r9

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_id

KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_url

https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html

reference_id

msg00045.html

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/

reference_id

NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/

reference_url

http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html

reference_id

PEAR-Archive_Tar-Arbitrary-File-Write.html

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html

reference_url	https://access.redhat.com/errata/RHSA-2022:6541
reference_id	RHSA-2022:6541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6541

reference_url	https://access.redhat.com/errata/RHSA-2022:6542
reference_id	RHSA-2022:6542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6542

reference_url	https://access.redhat.com/errata/RHSA-2022:7340
reference_id	RHSA-2022:7340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7340

reference_url

https://www.drupal.org/sa-core-2020-013

reference_id

sa-core-2020-013

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://www.drupal.org/sa-core-2020-013

reference_url	https://usn.ubuntu.com/4654-1/
reference_id	USN-4654-1
reference_type
scores
url	https://usn.ubuntu.com/4654-1/

reference_url	https://usn.ubuntu.com/6981-1/
reference_id	USN-6981-1
reference_type
scores
url	https://usn.ubuntu.com/6981-1/

reference_url	https://usn.ubuntu.com/6981-2/
reference_id	USN-6981-2
reference_type
scores
url	https://usn.ubuntu.com/6981-2/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

reference_id

VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:49:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

fixed_packages

url pkg:composer/drupal/core@8.8.12

purl pkg:composer/drupal/core@8.8.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.12

url pkg:composer/drupal/core@8.9.0-beta1

purl pkg:composer/drupal/core@8.9.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-beta1

url pkg:composer/drupal/core@8.9.10

purl pkg:composer/drupal/core@8.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10

url pkg:composer/drupal/core@9.0.0-alpha1

purl pkg:composer/drupal/core@9.0.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1

url pkg:composer/drupal/core@9.0.9

purl pkg:composer/drupal/core@9.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9

url pkg:composer/drupal/core@9.1.0-alpha1

purl pkg:composer/drupal/core@9.1.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1

aliases CVE-2020-28949, GHSA-75c5-f4gw-38r9

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7r9b-pzqb-cqea

url VCID-7sar-42a4-kqdy

vulnerability_id VCID-7sar-42a4-kqdy

summary core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45440

reference_id

reference_type

scores

value	0.86689
scoring_system	epss
scoring_elements	0.99442
published_at	2026-06-11T12:55:00Z

value	0.86689
scoring_system	epss
scoring_elements	0.99445
published_at	2026-06-14T12:55:00Z

value	0.86689
scoring_system	epss
scoring_elements	0.99444
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45440

reference_url

https://github.com/github/advisory-database/pull/4827

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/4827

reference_url

https://www.drupal.org/project/drupal/releases/10.2.9

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/project/drupal/releases/10.2.9

reference_url

https://www.drupal.org/project/drupal/releases/10.3.6

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/project/drupal/releases/10.3.6

reference_url

https://www.drupal.org/project/drupal/releases/11.0.5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/project/drupal/releases/11.0.5

reference_url

https://www.exploit-db.com/exploits/52266

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/52266

reference_url

https://www.drupal.org/project/drupal/issues/3457781

reference_id

3457781

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/

url

https://www.drupal.org/project/drupal/issues/3457781

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py
reference_id	CVE-2024-45440
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52266.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45440

reference_id

CVE-2024-45440

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45440

reference_url

https://senscybersecurity.nl/CVE-2024-45440-Explained/

reference_id

CVE-2024-45440-Explained

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T13:18:23Z/

url

https://senscybersecurity.nl/CVE-2024-45440-Explained/

reference_url

https://senscybersecurity.nl/CVE-2024-45440-Explained

reference_id

CVE-2024-45440-EXPLAINED

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://senscybersecurity.nl/CVE-2024-45440-Explained

reference_url

https://github.com/advisories/GHSA-mg8j-w93w-xjgc

reference_id

GHSA-mg8j-w93w-xjgc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mg8j-w93w-xjgc

fixed_packages

url pkg:composer/drupal/core@10.2.9

purl pkg:composer/drupal/core@10.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rdfc-4t9e-bqed

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.9

url pkg:composer/drupal/core@10.3.0-beta1

purl pkg:composer/drupal/core@10.3.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.0-beta1

url pkg:composer/drupal/core@10.3.6

purl pkg:composer/drupal/core@10.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.6

url	pkg:composer/drupal/core@11.0.0-alpha1
purl	pkg:composer/drupal/core@11.0.0-alpha1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.0-alpha1

url pkg:composer/drupal/core@11.0.5

purl pkg:composer/drupal/core@11.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.5

aliases CVE-2024-45440, GHSA-mg8j-w93w-xjgc

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7sar-42a4-kqdy

url VCID-94he-hr4a-yygs

vulnerability_id VCID-94he-hr4a-yygs

summary Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13083

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01497
published_at	2026-06-13T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0149
published_at	2026-06-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01492
published_at	2026-06-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03077
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13083

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13083

reference_url

reference_id

CVE-2025-13083

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13083

reference_url

https://github.com/advisories/GHSA-mhpg-hpj5-73r2

reference_id

GHSA-mhpg-hpj5-73r2

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhpg-hpj5-73r2

reference_url

https://www.drupal.org/sa-core-2025-008

reference_id

sa-core-2025-008

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/

url

https://www.drupal.org/sa-core-2025-008

fixed_packages

url	pkg:composer/drupal/core@10.4.9
purl	pkg:composer/drupal/core@10.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9

url	pkg:composer/drupal/core@10.5.6
purl	pkg:composer/drupal/core@10.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6

url	pkg:composer/drupal/core@11.1.9
purl	pkg:composer/drupal/core@11.1.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9

url	pkg:composer/drupal/core@11.2.8
purl	pkg:composer/drupal/core@11.2.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8

aliases CVE-2025-13083, GHSA-mhpg-hpj5-73r2

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94he-hr4a-yygs

url VCID-9jxk-pzre-4kgx

vulnerability_id VCID-9jxk-pzre-4kgx

summary

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

The core REST and contributed GraphQL modules are not affected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-5256

reference_id

reference_type

scores

value	0.01295
scoring_system	epss
scoring_elements	0.80169
published_at	2026-06-12T12:55:00Z

value	0.01295
scoring_system	epss
scoring_elements	0.80176
published_at	2026-06-14T12:55:00Z

value	0.01295
scoring_system	epss
scoring_elements	0.80107
published_at	2026-06-11T12:55:00Z

value	0.01295
scoring_system	epss
scoring_elements	0.80184
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-5256

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/1cd2741c2b43f6ad1bdfc121b8d9ec3b87e70742

reference_url

https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/5495dc530e3acd056478245bfe1828210c6da7dc

reference_url

https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/d4fe67562ee3ea0d9ecb9672d2945d94c5633d24

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-5256

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-5256

reference_url

https://github.com/advisories/GHSA-rjqg-3h9m-fx5x

reference_id

GHSA-rjqg-3h9m-fx5x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rjqg-3h9m-fx5x

reference_url

https://www.drupal.org/sa-core-2023-006

reference_id

sa-core-2023-006

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-23T18:22:43Z/

url

https://www.drupal.org/sa-core-2023-006

fixed_packages

url pkg:composer/drupal/core@9.5.11

purl pkg:composer/drupal/core@9.5.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.11

url pkg:composer/drupal/core@10.0.11

purl pkg:composer/drupal/core@10.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rdfc-4t9e-bqed

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.11

url pkg:composer/drupal/core@10.1.4

purl pkg:composer/drupal/core@10.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-69xw-x4r1-vqcg

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rdfc-4t9e-bqed

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.4

aliases CVE-2023-5256, GHSA-rjqg-3h9m-fx5x

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jxk-pzre-4kgx

url VCID-a4ps-1cdu-4ucv

vulnerability_id VCID-a4ps-1cdu-4ucv

summary Drupal core Arbitrary PHP code execution

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2020-11-25.yaml

reference_url

https://github.com/advisories/GHSA-gxxj-g9v8-w28p

reference_id

GHSA-gxxj-g9v8-w28p

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gxxj-g9v8-w28p

fixed_packages

url pkg:composer/drupal/core@8.8.12

purl pkg:composer/drupal/core@8.8.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.12

url pkg:composer/drupal/core@8.9.10

purl pkg:composer/drupal/core@8.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10

url pkg:composer/drupal/core@9.0.9

purl pkg:composer/drupal/core@9.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9

aliases GHSA-gxxj-g9v8-w28p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4ps-1cdu-4ucv

url VCID-aqce-af3u-myd2

vulnerability_id VCID-aqce-af3u-myd2

summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-31674

reference_id

reference_type

scores

value	0.00314
scoring_system	epss
scoring_elements	0.55056
published_at	2026-06-12T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.55058
published_at	2026-06-14T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.54934
published_at	2026-06-11T12:55:00Z

value	0.00314
scoring_system	epss
scoring_elements	0.55071
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-31674

reference_url

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31674

reference_url

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31674

reference_url

https://github.com/advisories/GHSA-2qph-q8xw-gv7q

reference_id

GHSA-2qph-q8xw-gv7q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2qph-q8xw-gv7q

reference_url

https://www.drupal.org/sa-core-2025-003

reference_id

sa-core-2025-003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	4.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-03T17:16:59Z/

url

https://www.drupal.org/sa-core-2025-003

fixed_packages

url pkg:composer/drupal/core@10.3.13

purl pkg:composer/drupal/core@10.3.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13

url pkg:composer/drupal/core@10.4.3

purl pkg:composer/drupal/core@10.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3

url pkg:composer/drupal/core@11.0.12

purl pkg:composer/drupal/core@11.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12

url pkg:composer/drupal/core@11.1.3

purl pkg:composer/drupal/core@11.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3

aliases CVE-2025-31674, GHSA-2qph-q8xw-gv7q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aqce-af3u-myd2

url VCID-e5uh-sqmj-qyg7

vulnerability_id VCID-e5uh-sqmj-qyg7

summary User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13082

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.1403
published_at	2026-06-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13916
published_at	2026-06-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.14033
published_at	2026-06-12T12:55:00Z

value	0.00059
scoring_system	epss
scoring_elements	0.18853
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13082

reference_url

reference_id

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13082

reference_url

reference_id

CVE-2025-13082

reference_type

scores

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13082

reference_url

https://github.com/advisories/GHSA-h89p-5896-f4q8

reference_id

GHSA-h89p-5896-f4q8

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h89p-5896-f4q8

reference_url

https://www.drupal.org/sa-core-2025-007

reference_id

sa-core-2025-007

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

value	2.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/

url

https://www.drupal.org/sa-core-2025-007

fixed_packages

url	pkg:composer/drupal/core@10.4.9
purl	pkg:composer/drupal/core@10.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9

url	pkg:composer/drupal/core@10.5.6
purl	pkg:composer/drupal/core@10.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6

url	pkg:composer/drupal/core@11.1.9
purl	pkg:composer/drupal/core@11.1.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9

url	pkg:composer/drupal/core@11.2.8
purl	pkg:composer/drupal/core@11.2.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8

aliases CVE-2025-13082, GHSA-h89p-5896-f4q8

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5uh-sqmj-qyg7

url VCID-ed3c-h2ww-j3gm

vulnerability_id VCID-ed3c-h2ww-j3gm

summary guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24775

reference_id

reference_type

scores

value	0.00931
scoring_system	epss
scoring_elements	0.76651
published_at	2026-06-13T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76647
published_at	2026-06-14T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76636
published_at	2026-06-12T12:55:00Z

value	0.00931
scoring_system	epss
scoring_elements	0.76567
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24775

reference_url

https://github.com/guzzle/psr7

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/guzzle/psr7

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236
reference_id	1008236
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008236

reference_url

https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc

reference_id

9a96d9db668b485361ed9de7b5bf1e54895df1dc

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/

url

https://github.com/guzzle/psr7/pull/486/commits/9a96d9db668b485361ed9de7b5bf1e54895df1dc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24775

reference_id

CVE-2022-24775

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24775

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml

reference_id

CVE-2022-24775.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/psr7/CVE-2022-24775.yaml

reference_url

https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1

reference_id

e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/

url

https://github.com/guzzle/psr7/pull/485/commits/e55afaa3fc138c89adf3b55a8ba20dc60d17f1f1

reference_url

https://github.com/advisories/GHSA-q7rv-6hp3-vh96

reference_id

GHSA-q7rv-6hp3-vh96

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q7rv-6hp3-vh96

reference_url

https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96

reference_id

GHSA-q7rv-6hp3-vh96

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/

url

https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96

reference_url

https://www.drupal.org/sa-core-2022-006

reference_id

sa-core-2022-006

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:31Z/

url

https://www.drupal.org/sa-core-2022-006

reference_url	https://usn.ubuntu.com/6670-1/
reference_id	USN-6670-1
reference_type
scores
url	https://usn.ubuntu.com/6670-1/

fixed_packages

url pkg:composer/drupal/core@9.2.16

purl pkg:composer/drupal/core@9.2.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.16

url pkg:composer/drupal/core@9.3.0-alpha1

purl pkg:composer/drupal/core@9.3.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.0-alpha1

url pkg:composer/drupal/core@9.3.9

purl pkg:composer/drupal/core@9.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-cdm9-t56e-83aj

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.9

url pkg:composer/drupal/core@10.0.0-alpha1

purl pkg:composer/drupal/core@10.0.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.0.0-alpha1

aliases CVE-2022-24775, GHSA-q7rv-6hp3-vh96

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3c-h2ww-j3gm

url VCID-eje5-fhmg-hbbt

vulnerability_id VCID-eje5-fhmg-hbbt

summary Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39261

reference_id

reference_type

scores

value	0.09505
scoring_system	epss
scoring_elements	0.93039
published_at	2026-06-14T12:55:00Z

value	0.09505
scoring_system	epss
scoring_elements	0.93015
published_at	2026-06-11T12:55:00Z

value	0.09505
scoring_system	epss
scoring_elements	0.93038
published_at	2026-06-12T12:55:00Z

value	0.09505
scoring_system	epss
scoring_elements	0.9304
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39261

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39261

reference_url

https://github.com/twigphp/Twig

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/twigphp/Twig

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/

reference_url

https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-outside-a-configured-directory-when-using-the-filesystem-loader

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991
reference_id	1020991
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020991

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/

reference_id

2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OKRUHPVLIQVFPPJ2UWC3WV3WQO763NR/

reference_url

https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b

reference_id

35f3035c5deb0041da7b84daf02dea074ddc7a0b

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/

reference_id

AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUVTXMNPSZAHS3DWZEM56V5W4NPVR6L7/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-39261

reference_id

CVE-2022-39261

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-39261

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml

reference_id

CVE-2022-39261.YAML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/CVE-2022-39261.yaml

reference_url

https://www.debian.org/security/2022/dsa-5248

reference_id

dsa-5248

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://www.debian.org/security/2022/dsa-5248

reference_url

https://github.com/advisories/GHSA-52m2-vc4m-jj33

reference_id

GHSA-52m2-vc4m-jj33

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-52m2-vc4m-jj33

reference_url

https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33

reference_id

GHSA-52m2-vc4m-jj33

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33

reference_url

https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html

reference_id

msg00016.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://lists.debian.org/debian-lts-announce/2022/10/msg00016.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/

reference_id

NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWRFPZSR74SYVJKBTKTMYUK36IJ3SQJP/

reference_url

https://www.drupal.org/sa-core-2022-016

reference_id

sa-core-2022-016

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://www.drupal.org/sa-core-2022-016

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/

reference_id

TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW53TFJ6WWNXMUHOFACKATJTS7NIHVQE/

reference_url	https://usn.ubuntu.com/5947-1/
reference_id	USN-5947-1
reference_type
scores
url	https://usn.ubuntu.com/5947-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/

reference_id

WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WV5TNNJLGG536TJH6DLCIAAZZIPV2GUD/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/

reference_id

YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:50:56Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YU4ZYX62H2NUAKKGUES4RZIM4KMTKZ7F/

fixed_packages

url pkg:composer/drupal/core@9.3.22

purl pkg:composer/drupal/core@9.3.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.22

url pkg:composer/drupal/core@9.4.0-alpha1

purl pkg:composer/drupal/core@9.4.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.0-alpha1

url pkg:composer/drupal/core@9.4.7

purl pkg:composer/drupal/core@9.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.7

url pkg:composer/drupal/core@9.5.0-beta1

purl pkg:composer/drupal/core@9.5.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.5.0-beta1

aliases CVE-2022-39261, GHSA-52m2-vc4m-jj33

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eje5-fhmg-hbbt

url VCID-ggb3-jgrj-hken

vulnerability_id VCID-ggb3-jgrj-hken

summary Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12393

reference_id

reference_type

scores

value	0.02544
scoring_system	epss
scoring_elements	0.85844
published_at	2026-06-12T12:55:00Z

value	0.02544
scoring_system	epss
scoring_elements	0.85846
published_at	2026-06-14T12:55:00Z

value	0.02544
scoring_system	epss
scoring_elements	0.85794
published_at	2026-06-11T12:55:00Z

value	0.02544
scoring_system	epss
scoring_elements	0.85854
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12393

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/276ac67ad891605052e0a24fb36ece9caaa511e8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-12393

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-12393

reference_url

https://github.com/advisories/GHSA-8mvq-8h2v-j9vf

reference_id

GHSA-8mvq-8h2v-j9vf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8mvq-8h2v-j9vf

reference_url

https://www.drupal.org/sa-core-2024-003

reference_id

sa-core-2024-003

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:36:16Z/

url

https://www.drupal.org/sa-core-2024-003

fixed_packages

url pkg:composer/drupal/core@10.2.11

purl pkg:composer/drupal/core@10.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11

url pkg:composer/drupal/core@10.3.9

purl pkg:composer/drupal/core@10.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9

url pkg:composer/drupal/core@11.0.8

purl pkg:composer/drupal/core@11.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.8

aliases CVE-2024-12393, GHSA-8mvq-8h2v-j9vf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggb3-jgrj-hken

url VCID-hdq9-fe9e-93hb

vulnerability_id VCID-hdq9-fe9e-93hb

summary In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25275

reference_id

reference_type

scores

value	0.00579
scoring_system	epss
scoring_elements	0.6945
published_at	2026-06-13T12:55:00Z

value	0.00579
scoring_system	epss
scoring_elements	0.69449
published_at	2026-06-14T12:55:00Z

value	0.00579
scoring_system	epss
scoring_elements	0.69346
published_at	2026-06-11T12:55:00Z

value	0.00579
scoring_system	epss
scoring_elements	0.69437
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25275

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/2d5f47fc8a166115f56c2330a81e83abe22445cf

reference_url

https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/e2fbf63700819cb470a1be425798f1a3f2020116

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25275

reference_id

CVE-2022-25275

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25275

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml

reference_id

CVE-2022-25275.YAML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25275.yaml

reference_url

https://github.com/advisories/GHSA-xh3v-6f9j-wxw3

reference_id

GHSA-xh3v-6f9j-wxw3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xh3v-6f9j-wxw3

reference_url

https://www.drupal.org/sa-core-2022-012

reference_id

sa-core-2022-012

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:45:46Z/

url

https://www.drupal.org/sa-core-2022-012

fixed_packages

url pkg:composer/drupal/core@9.3.19

purl pkg:composer/drupal/core@9.3.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19

url pkg:composer/drupal/core@9.4.3

purl pkg:composer/drupal/core@9.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3

aliases CVE-2022-25275, GHSA-xh3v-6f9j-wxw3, GMS-2022-3362

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdq9-fe9e-93hb

url VCID-hfsr-jhw7-b3ap

vulnerability_id VCID-hfsr-jhw7-b3ap

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9281

reference_id

reference_type

scores

value	0.01194
scoring_system	epss
scoring_elements	0.79335
published_at	2026-06-12T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.79344
published_at	2026-06-14T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.7927
published_at	2026-06-11T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.79349
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9281

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9281

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9281

reference_url

https://github.com/advisories/GHSA-vcjf-mgcg-jxjq

reference_id

GHSA-vcjf-mgcg-jxjq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vcjf-mgcg-jxjq

reference_url	https://usn.ubuntu.com/5340-1/
reference_id	USN-5340-1
reference_type
scores
url	https://usn.ubuntu.com/5340-1/

reference_url	https://usn.ubuntu.com/USN-5340-2/
reference_id	USN-USN-5340-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5340-2/

fixed_packages

url pkg:composer/drupal/core@8.8.4

purl pkg:composer/drupal/core@8.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4bym-pcfj-ykde

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-jp51-ftxv-4ud9

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-kufg-z717-b7hm

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-va7j-agmp-n3hs

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-vqgz-v922-vbh7

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.4

url pkg:composer/drupal/core@9.0.0-alpha1

purl pkg:composer/drupal/core@9.0.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1

aliases CVE-2020-9281, GHSA-vcjf-mgcg-jxjq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfsr-jhw7-b3ap

url VCID-jp51-ftxv-4ud9

vulnerability_id VCID-jp51-ftxv-4ud9

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11022.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11022

reference_id

reference_type

scores

value	0.02391
scoring_system	epss
scoring_elements	0.85361
published_at	2026-06-11T12:55:00Z

value	0.02391
scoring_system	epss
scoring_elements	0.85414
published_at	2026-06-14T12:55:00Z

value	0.02391
scoring_system	epss
scoring_elements	0.85422
published_at	2026-06-13T12:55:00Z

value	0.02391
scoring_system	epss
scoring_elements	0.85413
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11022

reference_url	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
reference_id
reference_type
scores
url	https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662

reference_url

http://security.netapp.com/advisory/ntap-20200511-0006

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://security.netapp.com/advisory/ntap-20200511-0006

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77

reference_url

https://github.com/jquery/jquery/releases/tag/3.5.0

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/releases/tag/3.5.0

reference_url

https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc

reference_url

https://github.com/maximebf/php-debugbar/issues/447

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/maximebf/php-debugbar/issues/447

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W

reference_url

https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html

reference_url

https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html

reference_url

https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html

reference_url

https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html

reference_url

https://www.tenable.com/security/tns-2020-10

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.tenable.com/security/tns-2020-10

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1828406
reference_id	1828406
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1828406

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt
reference_id	CVE-2020-11022
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49766.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11022

reference_id

CVE-2020-11022

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11022

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml

reference_id

CVE-2020-11022.YML

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml

reference_url

https://github.com/advisories/GHSA-gxr4-xjj5-5px2

reference_id

GHSA-gxr4-xjj5-5px2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gxr4-xjj5-5px2

reference_url

https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2

reference_id

GHSA-gxr4-xjj5-5px2

reference_type

scores

value	6.9
scoring_system	cvssv3
scoring_elements

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2

reference_url	https://access.redhat.com/errata/RHSA-2020:2217
reference_id	RHSA-2020:2217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2217

reference_url	https://access.redhat.com/errata/RHSA-2020:2362
reference_id	RHSA-2020:2362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2362

reference_url	https://access.redhat.com/errata/RHSA-2020:2412
reference_id	RHSA-2020:2412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2412

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

reference_url	https://access.redhat.com/errata/RHSA-2020:3247
reference_id	RHSA-2020:3247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3247

reference_url	https://access.redhat.com/errata/RHSA-2020:3807
reference_id	RHSA-2020:3807
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3807

reference_url	https://access.redhat.com/errata/RHSA-2020:3936
reference_id	RHSA-2020:3936
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3936

reference_url	https://access.redhat.com/errata/RHSA-2020:4211
reference_id	RHSA-2020:4211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4211

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

reference_url	https://access.redhat.com/errata/RHSA-2020:4670
reference_id	RHSA-2020:4670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4670

reference_url	https://access.redhat.com/errata/RHSA-2020:4847
reference_id	RHSA-2020:4847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4847

reference_url	https://access.redhat.com/errata/RHSA-2020:5249
reference_id	RHSA-2020:5249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5249

reference_url	https://access.redhat.com/errata/RHSA-2021:0778
reference_id	RHSA-2021:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0778

reference_url	https://access.redhat.com/errata/RHSA-2022:6393
reference_id	RHSA-2022:6393
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6393

reference_url	https://access.redhat.com/errata/RHSA-2023:0552
reference_id	RHSA-2023:0552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0552

reference_url	https://access.redhat.com/errata/RHSA-2023:0553
reference_id	RHSA-2023:0553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0553

reference_url	https://access.redhat.com/errata/RHSA-2023:0554
reference_id	RHSA-2023:0554
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0554

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

reference_url	https://access.redhat.com/errata/RHSA-2023:1043
reference_id	RHSA-2023:1043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1043

reference_url	https://access.redhat.com/errata/RHSA-2023:1044
reference_id	RHSA-2023:1044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1044

reference_url	https://access.redhat.com/errata/RHSA-2023:1045
reference_id	RHSA-2023:1045
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1045

reference_url	https://access.redhat.com/errata/RHSA-2023:1047
reference_id	RHSA-2023:1047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1047

reference_url	https://access.redhat.com/errata/RHSA-2023:1049
reference_id	RHSA-2023:1049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1049

reference_url	https://usn.ubuntu.com/7246-1/
reference_id	USN-7246-1
reference_type
scores
url	https://usn.ubuntu.com/7246-1/

reference_url	https://usn.ubuntu.com/7622-1/
reference_id	USN-7622-1
reference_type
scores
url	https://usn.ubuntu.com/7622-1/

reference_url	https://usn.ubuntu.com/7658-1/
reference_id	USN-7658-1
reference_type
scores
url	https://usn.ubuntu.com/7658-1/

fixed_packages

url pkg:composer/drupal/core@8.8.6

purl pkg:composer/drupal/core@8.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4bym-pcfj-ykde

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-va7j-agmp-n3hs

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-vqgz-v922-vbh7

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.6

url pkg:composer/drupal/core@8.9.0-beta1

purl pkg:composer/drupal/core@8.9.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-beta1

aliases CVE-2020-11022, GHSA-gxr4-xjj5-5px2

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp51-ftxv-4ud9

url VCID-k48k-jdda-zqbh

vulnerability_id VCID-k48k-jdda-zqbh

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13677

reference_id

reference_type

scores

value	0.00198
scoring_system	epss
scoring_elements	0.41994
published_at	2026-06-12T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.41829
published_at	2026-06-11T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.42003
published_at	2026-06-14T12:55:00Z

value	0.00198
scoring_system	epss
scoring_elements	0.42013
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13677

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/7a9bef4b4750d79ab42498e459012cabe4c4bd8b

reference_url

https://www.drupal.org/sa-core-2021-010

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-010

reference_url

reference_id

AVG-2407

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13677

reference_url

reference_id

CVE-2020-13677

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13677

reference_url

https://github.com/advisories/GHSA-3xr3-phjp-g6p2

reference_id

GHSA-3xr3-phjp-g6p2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3xr3-phjp-g6p2

fixed_packages

url pkg:composer/drupal/core@8.9.19

purl pkg:composer/drupal/core@8.9.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19

url pkg:composer/drupal/core@9.1.13

purl pkg:composer/drupal/core@9.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13

url pkg:composer/drupal/core@9.2.6

purl pkg:composer/drupal/core@9.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sdue-15dg-4ugt

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-yjm8-gadp-jkhr

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6

aliases CVE-2020-13677, GHSA-3xr3-phjp-g6p2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k48k-jdda-zqbh

url VCID-kryq-8j5g-d7a6

vulnerability_id VCID-kryq-8j5g-d7a6

summary Cross-site Scripting in Drupal Core

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13668

reference_id

reference_type

scores

value	0.00223
scoring_system	epss
scoring_elements	0.45174
published_at	2026-06-14T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45025
published_at	2026-06-11T12:55:00Z

value	0.00223
scoring_system	epss
scoring_elements	0.45186
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13668

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/3184fa4b2f3b65b44884b5e858cdc7794d34b4c8

reference_url

https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/58330ba58d1ac6f1a0a549e8dbde8a3e094bf4fb

reference_url

https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/d4be028d81fb6b067513d788b60c3e6fc8fbd0a2

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13668

reference_url

reference_id

CVE-2020-13668

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13668

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml

reference_id

CVE-2020-13668.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13668.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml

reference_id

CVE-2020-13668.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13668.yaml

reference_url

https://github.com/advisories/GHSA-m6q5-wv4x-fv6h

reference_id

GHSA-m6q5-wv4x-fv6h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m6q5-wv4x-fv6h

fixed_packages

url pkg:composer/drupal/core@8.8.10

purl pkg:composer/drupal/core@8.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10

url pkg:composer/drupal/core@8.9.6

purl pkg:composer/drupal/core@8.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6

url pkg:composer/drupal/core@9.0.6

purl pkg:composer/drupal/core@9.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6

aliases CVE-2020-13668, GHSA-m6q5-wv4x-fv6h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kryq-8j5g-d7a6

url VCID-kufg-z717-b7hm

vulnerability_id VCID-kufg-z717-b7hm

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11023.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11023

reference_id

reference_type

scores

value	0.3063
scoring_system	epss
scoring_elements	0.96846
published_at	2026-06-14T12:55:00Z

value	0.34098
scoring_system	epss
scoring_elements	0.97096
published_at	2026-06-13T12:55:00Z

value	0.34098
scoring_system	epss
scoring_elements	0.97094
published_at	2026-06-12T12:55:00Z

value	0.34098
scoring_system	epss
scoring_elements	0.97085
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77

reference_url

https://github.com/jquery/jquery/releases/tag/3.5.0

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/jquery/jquery/releases/tag/3.5.0

reference_url

https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#410

reference_url

https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

reference_url

https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/jquery-rails/blob/v4.3.5/vendor/assets/javascripts/jquery3.js#L5979

reference_url

https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/jquery-rails/blob/v4.4.0/vendor/assets/javascripts/jquery3.js#L6162

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3Cgitbox.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3Ccommits.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3Cgitbox.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3Cgitbox.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3Cgitbox.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3Ccommits.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3Cgitbox.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3Cgitbox.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3Cdev.hive.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B

reference_url

https://security.netapp.com/advisory/ntap-20200511-0006

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200511-0006

reference_url

https://security.netapp.com/advisory/ntap-20230725-0003

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230725-0003

reference_url

https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-565440

reference_url

https://snyk.io/vuln/SNYK-JS-JQUERY-565129

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-JQUERY-565129

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11023

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1850004
reference_id	1850004
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1850004

reference_url

https://security.gentoo.org/glsa/202007-03

reference_id

202007-03

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://security.gentoo.org/glsa/202007-03

reference_url

https://jquery.com/upgrade-guide/3.5/

reference_id

3.5

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://jquery.com/upgrade-guide/3.5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/

reference_id

AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

cpuApr2021.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

cpuapr2022.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

cpujan2021.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

cpujan2022.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

cpujul2020.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

cpujul2021.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

cpujul2022.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

cpuoct2020.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

cpuoct2021.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt
reference_id	CVE-2020-11023
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49767.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11023

reference_id

CVE-2020-11023

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11023

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml

reference_id

CVE-2020-11023.YML

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11023.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml

reference_id

CVE-2020-23064.YML

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-23064.yml

reference_url

https://www.debian.org/security/2020/dsa-4693

reference_id

dsa-4693

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.debian.org/security/2020/dsa-4693

reference_url

https://github.com/advisories/GHSA-jpcq-cgw6-v4j6

reference_id

GHSA-jpcq-cgw6-v4j6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jpcq-cgw6-v4j6

reference_url

https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

reference_id

GHSA-jpcq-cgw6-v4j6

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

reference_url

https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37

reference_id

GHSA-jpcq-cgw6-v4j6.json#L20-L37

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/GHSA-jpcq-cgw6-v4j6/GHSA-jpcq-cgw6-v4j6.json#L20-L37

reference_url

http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html

reference_id

jQuery-1.0.3-Cross-Site-Scripting.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross-Site-Scripting.html

reference_url

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

reference_id

jquery-3-5-0-released

reference_type

scores

value	6.9
scoring_system	cvssv3
scoring_elements

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html

reference_id

msg00033.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html

reference_id

msg00039.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

reference_id

msg00040.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html

reference_id

msg00067.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html

reference_id

msg00085.html

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html

reference_url

https://security.netapp.com/advisory/ntap-20200511-0006/

reference_id

ntap-20200511-0006

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://security.netapp.com/advisory/ntap-20200511-0006/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/

reference_id

QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/

reference_url

https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E

reference_id

r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E

reference_id

r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E

reference_id

r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3Cdev.felix.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E

reference_id

r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3Cissues.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E

reference_id

r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3Cgitbox.hive.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E

reference_id

r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3Cdev.felix.apache.org%3E

100

reference_url

https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E

reference_id

r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3Cdev.felix.apache.org%3E

101

reference_url

https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E

reference_id

r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E

102

reference_url

https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E

reference_id

r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3Cissues.hive.apache.org%3E

103

reference_url

https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E

reference_id

r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3Cdev.felix.apache.org%3E

104

reference_url

https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E

reference_id

r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E

105

reference_url

https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E

reference_id

r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3Cdev.felix.apache.org%3E

106

reference_url

https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E

reference_id

r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E

107

reference_url

https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E

reference_id

r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3Cissues.hive.apache.org%3E

108

reference_url

https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E

reference_id

r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3Cissues.hive.apache.org%3E

109

reference_url

https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E

reference_id

r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E

110

reference_url

https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E

reference_id

r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E

111

reference_url

https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E

reference_id

r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3Ccommits.felix.apache.org%3E

112

reference_url

https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E

reference_id

r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3Cissues.hive.apache.org%3E

113

reference_url

https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E

reference_id

r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3Cdev.felix.apache.org%3E

114

reference_url

https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E

reference_id

ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3Cgitbox.hive.apache.org%3E

115

reference_url

https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E

reference_id

ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3Cgitbox.hive.apache.org%3E

116

reference_url

https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E

reference_id

ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3Cgitbox.hive.apache.org%3E

117

reference_url

https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E

reference_id

ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3Cissues.hive.apache.org%3E

118

reference_url

https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E

reference_id

rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3Ccommits.hive.apache.org%3E

119

reference_url

https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E

reference_id

radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3Cissues.hive.apache.org%3E

120

reference_url

https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E

reference_id

rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3Cgitbox.hive.apache.org%3E

121

reference_url

https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E

reference_id

rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3Cissues.hive.apache.org%3E

122

reference_url

https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E

reference_id

rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E

123

reference_url

https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E

reference_id

rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3Cissues.hive.apache.org%3E

124

reference_url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

reference_id

rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E

125

reference_url

https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E

reference_id

re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E

126

reference_url

https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E

reference_id

rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E

127

reference_url

https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E

reference_id

ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E

128

reference_url

https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E

reference_id

rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3Cdev.felix.apache.org%3E

129

reference_url

https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E

reference_id

rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3Cgitbox.hive.apache.org%3E

130

reference_url

https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E

reference_id

rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3Cdev.hive.apache.org%3E

131

reference_url	https://access.redhat.com/errata/RHSA-2020:2412
reference_id	RHSA-2020:2412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2412

132

reference_url	https://access.redhat.com/errata/RHSA-2020:2813
reference_id	RHSA-2020:2813
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2813

133

reference_url	https://access.redhat.com/errata/RHSA-2020:3247
reference_id	RHSA-2020:3247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3247

134

reference_url	https://access.redhat.com/errata/RHSA-2020:3369
reference_id	RHSA-2020:3369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3369

135

reference_url	https://access.redhat.com/errata/RHSA-2020:3807
reference_id	RHSA-2020:3807
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3807

136

reference_url	https://access.redhat.com/errata/RHSA-2020:4211
reference_id	RHSA-2020:4211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4211

137

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

138

reference_url	https://access.redhat.com/errata/RHSA-2020:4847
reference_id	RHSA-2020:4847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4847

139

reference_url	https://access.redhat.com/errata/RHSA-2020:5249
reference_id	RHSA-2020:5249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5249

140

reference_url	https://access.redhat.com/errata/RHSA-2020:5412
reference_id	RHSA-2020:5412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5412

141

reference_url	https://access.redhat.com/errata/RHSA-2021:0778
reference_id	RHSA-2021:0778
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0778

142

reference_url	https://access.redhat.com/errata/RHSA-2021:0851
reference_id	RHSA-2021:0851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0851

143

reference_url	https://access.redhat.com/errata/RHSA-2021:0860
reference_id	RHSA-2021:0860
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0860

144

reference_url	https://access.redhat.com/errata/RHSA-2021:1846
reference_id	RHSA-2021:1846
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1846

145

reference_url	https://access.redhat.com/errata/RHSA-2021:4142
reference_id	RHSA-2021:4142
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4142

146

reference_url	https://access.redhat.com/errata/RHSA-2022:6393
reference_id	RHSA-2022:6393
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6393

147

reference_url	https://access.redhat.com/errata/RHSA-2022:7343
reference_id	RHSA-2022:7343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7343

148

reference_url	https://access.redhat.com/errata/RHSA-2023:0552
reference_id	RHSA-2023:0552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0552

149

reference_url	https://access.redhat.com/errata/RHSA-2023:0553
reference_id	RHSA-2023:0553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0553

150

reference_url	https://access.redhat.com/errata/RHSA-2023:0554
reference_id	RHSA-2023:0554
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0554

151

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

152

reference_url	https://access.redhat.com/errata/RHSA-2023:1043
reference_id	RHSA-2023:1043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1043

153

reference_url	https://access.redhat.com/errata/RHSA-2023:1044
reference_id	RHSA-2023:1044
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1044

154

reference_url	https://access.redhat.com/errata/RHSA-2023:1045
reference_id	RHSA-2023:1045
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1045

155

reference_url	https://access.redhat.com/errata/RHSA-2023:1049
reference_id	RHSA-2023:1049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1049

156

reference_url	https://access.redhat.com/errata/RHSA-2025:1070
reference_id	RHSA-2025:1070
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1070

157

reference_url	https://access.redhat.com/errata/RHSA-2025:1185
reference_id	RHSA-2025:1185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1185

158

reference_url	https://access.redhat.com/errata/RHSA-2025:1209
reference_id	RHSA-2025:1209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1209

159

reference_url	https://access.redhat.com/errata/RHSA-2025:1210
reference_id	RHSA-2025:1210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1210

160

reference_url	https://access.redhat.com/errata/RHSA-2025:1211
reference_id	RHSA-2025:1211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1211

161

reference_url	https://access.redhat.com/errata/RHSA-2025:1212
reference_id	RHSA-2025:1212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1212

162

reference_url	https://access.redhat.com/errata/RHSA-2025:1213
reference_id	RHSA-2025:1213
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1213

163

reference_url	https://access.redhat.com/errata/RHSA-2025:1214
reference_id	RHSA-2025:1214
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1214

164

reference_url	https://access.redhat.com/errata/RHSA-2025:1215
reference_id	RHSA-2025:1215
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1215

165

reference_url	https://access.redhat.com/errata/RHSA-2025:1216
reference_id	RHSA-2025:1216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1216

166

reference_url	https://access.redhat.com/errata/RHSA-2025:1217
reference_id	RHSA-2025:1217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1217

167

reference_url	https://access.redhat.com/errata/RHSA-2025:1247
reference_id	RHSA-2025:1247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1247

168

reference_url	https://access.redhat.com/errata/RHSA-2025:1249
reference_id	RHSA-2025:1249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1249

169

reference_url	https://access.redhat.com/errata/RHSA-2025:1255
reference_id	RHSA-2025:1255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1255

170

reference_url	https://access.redhat.com/errata/RHSA-2025:1256
reference_id	RHSA-2025:1256
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1256

171

reference_url	https://access.redhat.com/errata/RHSA-2025:1300
reference_id	RHSA-2025:1300
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1300

172

reference_url	https://access.redhat.com/errata/RHSA-2025:1301
reference_id	RHSA-2025:1301
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1301

173

reference_url	https://access.redhat.com/errata/RHSA-2025:1303
reference_id	RHSA-2025:1303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1303

174

reference_url	https://access.redhat.com/errata/RHSA-2025:1304
reference_id	RHSA-2025:1304
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1304

175

reference_url	https://access.redhat.com/errata/RHSA-2025:1305
reference_id	RHSA-2025:1305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1305

176

reference_url	https://access.redhat.com/errata/RHSA-2025:1306
reference_id	RHSA-2025:1306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1306

177

reference_url	https://access.redhat.com/errata/RHSA-2025:1308
reference_id	RHSA-2025:1308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1308

178

reference_url	https://access.redhat.com/errata/RHSA-2025:1309
reference_id	RHSA-2025:1309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1309

179

reference_url	https://access.redhat.com/errata/RHSA-2025:1310
reference_id	RHSA-2025:1310
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1310

180

reference_url	https://access.redhat.com/errata/RHSA-2025:1311
reference_id	RHSA-2025:1311
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1311

181

reference_url	https://access.redhat.com/errata/RHSA-2025:1312
reference_id	RHSA-2025:1312
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1312

182

reference_url	https://access.redhat.com/errata/RHSA-2025:1314
reference_id	RHSA-2025:1314
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1314

183

reference_url	https://access.redhat.com/errata/RHSA-2025:1315
reference_id	RHSA-2025:1315
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1315

184

reference_url	https://access.redhat.com/errata/RHSA-2025:1329
reference_id	RHSA-2025:1329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1329

185

reference_url	https://access.redhat.com/errata/RHSA-2025:1338
reference_id	RHSA-2025:1338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1338

186

reference_url	https://access.redhat.com/errata/RHSA-2025:1342
reference_id	RHSA-2025:1342
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1342

187

reference_url	https://access.redhat.com/errata/RHSA-2025:1346
reference_id	RHSA-2025:1346
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1346

188

reference_url	https://access.redhat.com/errata/RHSA-2025:1514
reference_id	RHSA-2025:1514
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1514

189

reference_url	https://access.redhat.com/errata/RHSA-2025:1515
reference_id	RHSA-2025:1515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1515

190

reference_url	https://access.redhat.com/errata/RHSA-2025:1580
reference_id	RHSA-2025:1580
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1580

191

reference_url	https://access.redhat.com/errata/RHSA-2025:1601
reference_id	RHSA-2025:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1601

192

reference_url	https://access.redhat.com/errata/RHSA-2025:1983
reference_id	RHSA-2025:1983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1983

193

reference_url	https://access.redhat.com/errata/RHSA-2025:2426
reference_id	RHSA-2025:2426
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2426

194

reference_url

https://www.drupal.org/sa-core-2020-002

reference_id

sa-core-2020-002

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.drupal.org/sa-core-2020-002

195

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/

reference_id

SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/

196

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/

reference_id

SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/

197

reference_url

https://www.tenable.com/security/tns-2021-02

reference_id

tns-2021-02

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.tenable.com/security/tns-2021-02

198

reference_url

https://www.tenable.com/security/tns-2021-10

reference_id

tns-2021-10

reference_type

scores

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N/E:H

value	6.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T18:07:17Z/

url

https://www.tenable.com/security/tns-2021-10

199

reference_url	https://usn.ubuntu.com/7246-1/
reference_id	USN-7246-1
reference_type
scores
url	https://usn.ubuntu.com/7246-1/

200

reference_url	https://usn.ubuntu.com/7622-1/
reference_id	USN-7622-1
reference_type
scores
url	https://usn.ubuntu.com/7622-1/

201

reference_url	https://usn.ubuntu.com/7658-1/
reference_id	USN-7658-1
reference_type
scores
url	https://usn.ubuntu.com/7658-1/

fixed_packages

url pkg:composer/drupal/core@8.8.6

purl pkg:composer/drupal/core@8.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4bym-pcfj-ykde

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-va7j-agmp-n3hs

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-vqgz-v922-vbh7

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.6

url pkg:composer/drupal/core@8.9.0-beta1

purl pkg:composer/drupal/core@8.9.0-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.0-beta1

aliases CVE-2020-11023, GHSA-jpcq-cgw6-v4j6

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kufg-z717-b7hm

url VCID-muhk-wbuy-97bu

vulnerability_id VCID-muhk-wbuy-97bu

summary

Multiple vulnerabilities have been found in PEAR Archive_Tar, the
    worst of which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28948.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28948

reference_id

reference_type

scores

value	0.76873
scoring_system	epss
scoring_elements	0.98984
published_at	2026-06-14T12:55:00Z

value	0.76873
scoring_system	epss
scoring_elements	0.98983
published_at	2026-06-13T12:55:00Z

value	0.76873
scoring_system	epss
scoring_elements	0.98979
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28948

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28949

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28948

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28948

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1904001
reference_id	1904001
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1904001

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108
reference_id	976108
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976108

reference_url

https://github.com/advisories/GHSA-jh5x-hfhg-78jq

reference_id

GHSA-jh5x-hfhg-78jq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jh5x-hfhg-78jq

reference_url	https://access.redhat.com/errata/RHSA-2022:6541
reference_id	RHSA-2022:6541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6541

reference_url	https://access.redhat.com/errata/RHSA-2022:6542
reference_id	RHSA-2022:6542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6542

reference_url	https://access.redhat.com/errata/RHSA-2022:7340
reference_id	RHSA-2022:7340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7340

reference_url	https://usn.ubuntu.com/4654-1/
reference_id	USN-4654-1
reference_type
scores
url	https://usn.ubuntu.com/4654-1/

reference_url	https://usn.ubuntu.com/6981-1/
reference_id	USN-6981-1
reference_type
scores
url	https://usn.ubuntu.com/6981-1/

reference_url	https://usn.ubuntu.com/6981-2/
reference_id	USN-6981-2
reference_type
scores
url	https://usn.ubuntu.com/6981-2/

fixed_packages

url pkg:composer/drupal/core@8.9.10

purl pkg:composer/drupal/core@8.9.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.10

url pkg:composer/drupal/core@9.0.0-alpha1

purl pkg:composer/drupal/core@9.0.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.0-alpha1

url pkg:composer/drupal/core@9.0.9

purl pkg:composer/drupal/core@9.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.9

url pkg:composer/drupal/core@9.1.0-alpha1

purl pkg:composer/drupal/core@9.1.0-alpha1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.0-alpha1

aliases CVE-2020-28948, GHSA-jh5x-hfhg-78jq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-muhk-wbuy-97bu

url VCID-nhub-1map-n3by

vulnerability_id VCID-nhub-1map-n3by

summary Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25277

reference_id

reference_type

scores

value	0.02448
scoring_system	epss
scoring_elements	0.85574
published_at	2026-06-12T12:55:00Z

value	0.02448
scoring_system	epss
scoring_elements	0.85576
published_at	2026-06-14T12:55:00Z

value	0.02448
scoring_system	epss
scoring_elements	0.85523
published_at	2026-06-11T12:55:00Z

value	0.02448
scoring_system	epss
scoring_elements	0.85584
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25277

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/1cd1830d79f221cc8490f53c2bb487dd07094f17

reference_url

https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/5d464ea4407c50e40dcf6cb5ee376e7b8dd36f3a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25277

reference_id

CVE-2022-25277

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25277

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml

reference_id

CVE-2022-25277.YAML

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25277.yaml

reference_url

https://github.com/advisories/GHSA-6955-67hm-vjjq

reference_id

GHSA-6955-67hm-vjjq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6955-67hm-vjjq

reference_url

https://www.drupal.org/sa-core-2022-014

reference_id

sa-core-2022-014

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-03T18:41:13Z/

url

https://www.drupal.org/sa-core-2022-014

fixed_packages

url pkg:composer/drupal/core@9.3.19

purl pkg:composer/drupal/core@9.3.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19

url pkg:composer/drupal/core@9.4.3

purl pkg:composer/drupal/core@9.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3

aliases CVE-2022-25277, GHSA-6955-67hm-vjjq, GMS-2022-3361

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhub-1map-n3by

url VCID-nx17-duan-vyak

vulnerability_id VCID-nx17-duan-vyak

summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13081

reference_id

reference_type

scores

value	0.00135
scoring_system	epss
scoring_elements	0.33297
published_at	2026-06-13T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33095
published_at	2026-06-11T12:55:00Z

value	0.00135
scoring_system	epss
scoring_elements	0.33277
published_at	2026-06-12T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40064
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13081

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	4.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13081

reference_url

reference_id

CVE-2025-13081

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	4.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13081

reference_url

https://github.com/advisories/GHSA-m6vv-vcj8-w8m7

reference_id

GHSA-m6vv-vcj8-w8m7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m6vv-vcj8-w8m7

reference_url

https://www.drupal.org/sa-core-2025-006

reference_id

sa-core-2025-006

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

value	4.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/

url

https://www.drupal.org/sa-core-2025-006

fixed_packages

url	pkg:composer/drupal/core@10.4.9
purl	pkg:composer/drupal/core@10.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9

url	pkg:composer/drupal/core@10.5.6
purl	pkg:composer/drupal/core@10.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.5.6

url	pkg:composer/drupal/core@11.1.9
purl	pkg:composer/drupal/core@11.1.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.9

url	pkg:composer/drupal/core@11.2.8
purl	pkg:composer/drupal/core@11.2.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.2.8

aliases CVE-2025-13081, GHSA-m6vv-vcj8-w8m7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx17-duan-vyak

url VCID-qvsn-ab7h-cqc5

vulnerability_id VCID-qvsn-ab7h-cqc5

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13672

reference_id

reference_type

scores

value	0.00555
scoring_system	epss
scoring_elements	0.68669
published_at	2026-06-14T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68571
published_at	2026-06-11T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68674
published_at	2026-06-13T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68661
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13672

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-002

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-002

reference_url

https://security.archlinux.org/AVG-1463

reference_id

AVG-1463

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1463

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13672

reference_id

CVE-2020-13672

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13672

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml

reference_id

CVE-2020-13672.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13672.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml

reference_id

CVE-2020-13672.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13672.yaml

reference_url

https://github.com/advisories/GHSA-3m36-mjwj-352c

reference_id

GHSA-3m36-mjwj-352c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3m36-mjwj-352c

fixed_packages

url pkg:composer/drupal/core@8.9.14

purl pkg:composer/drupal/core@8.9.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.14

url pkg:composer/drupal/core@9.0.12

purl pkg:composer/drupal/core@9.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.12

url pkg:composer/drupal/core@9.1.7

purl pkg:composer/drupal/core@9.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.7

aliases CVE-2020-13672, GHSA-3m36-mjwj-352c

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qvsn-ab7h-cqc5

url VCID-rf34-12k7-xbh4

vulnerability_id VCID-rf34-12k7-xbh4

summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-3057

reference_id

reference_type

scores

value	0.00406
scoring_system	epss
scoring_elements	0.61608
published_at	2026-06-12T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61613
published_at	2026-06-14T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61505
published_at	2026-06-11T12:55:00Z

value	0.00406
scoring_system	epss
scoring_elements	0.61617
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-3057

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-3057

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-3057

reference_url

https://github.com/advisories/GHSA-39g6-x4x8-5jcm

reference_id

GHSA-39g6-x4x8-5jcm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-39g6-x4x8-5jcm

reference_url

https://www.drupal.org/sa-core-2025-001

reference_id

sa-core-2025-001

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T13:26:50Z/

url

https://www.drupal.org/sa-core-2025-001

fixed_packages

url pkg:composer/drupal/core@10.3.13

purl pkg:composer/drupal/core@10.3.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.13

url pkg:composer/drupal/core@10.4.3

purl pkg:composer/drupal/core@10.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.3

url pkg:composer/drupal/core@11.0.12

purl pkg:composer/drupal/core@11.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.12

url pkg:composer/drupal/core@11.1.3

purl pkg:composer/drupal/core@11.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.3

aliases CVE-2025-3057, GHSA-39g6-x4x8-5jcm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rf34-12k7-xbh4

url VCID-tdsq-5bqr-aufq

vulnerability_id VCID-tdsq-5bqr-aufq

summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-31675

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.339
published_at	2026-06-11T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34079
published_at	2026-06-14T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34076
published_at	2026-06-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34101
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-31675

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31675

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31675

reference_url

https://www.herodevs.com/vulnerability-directory/cve-2025-31675

reference_id

cve-2025-31675

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/

url

https://www.herodevs.com/vulnerability-directory/cve-2025-31675

reference_url

https://github.com/advisories/GHSA-m4wj-hhwj-47qp

reference_id

GHSA-m4wj-hhwj-47qp

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m4wj-hhwj-47qp

reference_url

https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004

reference_id

link-moderately-critical-cross-site-scripting-sa-core-2025-004

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/

url

https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004

reference_url

https://www.drupal.org/sa-core-2025-004

reference_id

sa-core-2025-004

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-01T18:21:31Z/

url

https://www.drupal.org/sa-core-2025-004

fixed_packages

url pkg:composer/drupal/core@10.3.14

purl pkg:composer/drupal/core@10.3.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.14

url pkg:composer/drupal/core@10.4.5

purl pkg:composer/drupal/core@10.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.5

url pkg:composer/drupal/core@11.0.13

purl pkg:composer/drupal/core@11.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.0.13

url pkg:composer/drupal/core@11.1.5

purl pkg:composer/drupal/core@11.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@11.1.5

aliases CVE-2025-31675, GHSA-m4wj-hhwj-47qp

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tdsq-5bqr-aufq

url VCID-v7ya-c9mf-e7dp

vulnerability_id VCID-v7ya-c9mf-e7dp

summary Drupal core Cross-Site Scripting (XSS) vulnerabilities

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2021-05-26.yaml

reference_url

https://www.drupal.org/sa-core-2021-005

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-005

reference_url

https://github.com/advisories/GHSA-vfgc-c76h-mwh4

reference_id

GHSA-vfgc-c76h-mwh4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vfgc-c76h-mwh4

fixed_packages

url pkg:composer/drupal/core@8.9.18

purl pkg:composer/drupal/core@8.9.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.18

url pkg:composer/drupal/core@9.1.12

purl pkg:composer/drupal/core@9.1.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.12

url pkg:composer/drupal/core@9.2.4

purl pkg:composer/drupal/core@9.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sdue-15dg-4ugt

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yjm8-gadp-jkhr

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.4

aliases GHSA-vfgc-c76h-mwh4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7ya-c9mf-e7dp

url VCID-va7j-agmp-n3hs

vulnerability_id VCID-va7j-agmp-n3hs

summary Drupal Core Arbitrary PHP code execution vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13664

reference_id

reference_type

scores

value	0.01962
scoring_system	epss
scoring_elements	0.83953
published_at	2026-06-12T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83896
published_at	2026-06-11T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83957
published_at	2026-06-14T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83961
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13664

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-005

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-005

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13664

reference_id

CVE-2020-13664

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13664

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13664.yaml

reference_id

CVE-2020-13664.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13664.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13664.yaml

reference_id

CVE-2020-13664.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13664.yaml

reference_url

https://github.com/advisories/GHSA-x72f-ggjw-v5xh

reference_id

GHSA-x72f-ggjw-v5xh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x72f-ggjw-v5xh

fixed_packages

url pkg:composer/drupal/core@8.8.8

purl pkg:composer/drupal/core@8.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.8

url pkg:composer/drupal/core@8.9.1

purl pkg:composer/drupal/core@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.1

url pkg:composer/drupal/core@9.0.1

purl pkg:composer/drupal/core@9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.1

aliases CVE-2020-13664, GHSA-x72f-ggjw-v5xh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va7j-agmp-n3hs

url VCID-vpn8-qteh-9yhz

vulnerability_id VCID-vpn8-qteh-9yhz

summary Drupal core Denial of Service vulnerability

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/2f76ac716ca8019bc60579fdfc8aa6cd65d57dff

reference_url

https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/5e606b560ac4ecb08135f12b6165bbe0348346a0

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/2024-01-17.yaml

reference_url

https://github.com/advisories/GHSA-6ccv-8fgf-cjpw

reference_id

GHSA-6ccv-8fgf-cjpw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6ccv-8fgf-cjpw

fixed_packages

url pkg:composer/drupal/core@10.1.8

purl pkg:composer/drupal/core@10.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rdfc-4t9e-bqed

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.1.8

url pkg:composer/drupal/core@10.2.2

purl pkg:composer/drupal/core@10.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rdfc-4t9e-bqed

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.2

aliases GHSA-6ccv-8fgf-cjpw, GMS-2024-214

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpn8-qteh-9yhz

url VCID-vqgz-v922-vbh7

vulnerability_id VCID-vqgz-v922-vbh7

summary Drupal Core Access bypass vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13665

reference_id

reference_type

scores

value	0.00581
scoring_system	epss
scoring_elements	0.69496
published_at	2026-06-12T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.69404
published_at	2026-06-11T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.69507
published_at	2026-06-14T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.69508
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13665

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-006

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-006

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13665

reference_id

CVE-2020-13665

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13665

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13665.yaml

reference_id

CVE-2020-13665.YAML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13665.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13665.yaml

reference_id

CVE-2020-13665.YAML

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13665.yaml

reference_url

https://github.com/advisories/GHSA-wxqp-jwc9-g39x

reference_id

GHSA-wxqp-jwc9-g39x

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wxqp-jwc9-g39x

fixed_packages

url pkg:composer/drupal/core@8.8.8

purl pkg:composer/drupal/core@8.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.8

url pkg:composer/drupal/core@8.9.1

purl pkg:composer/drupal/core@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.1

url pkg:composer/drupal/core@9.0.1

purl pkg:composer/drupal/core@9.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-2wdn-8583-v3dg

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-6j4t-zjnf-fbd3

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-kryq-8j5g-d7a6

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xqdw-4kd4-pyg9

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-yku8-k9fs-d7c8

vulnerability	VCID-ynha-d32y-6fdv

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.1

aliases CVE-2020-13665, GHSA-wxqp-jwc9-g39x

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vqgz-v922-vbh7

url VCID-w5a9-jg34-3ubx

vulnerability_id VCID-w5a9-jg34-3ubx

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13676

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.52309
published_at	2026-06-12T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52179
published_at	2026-06-11T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52302
published_at	2026-06-14T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.5232
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13676

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b

reference_url

https://www.drupal.org/sa-core-2021-009

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-009

reference_url

reference_id

AVG-2407

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13676

reference_url

reference_id

CVE-2020-13676

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13676

reference_url

https://github.com/advisories/GHSA-qfhg-m6r8-xxpj

reference_id

GHSA-qfhg-m6r8-xxpj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qfhg-m6r8-xxpj

fixed_packages

url pkg:composer/drupal/core@8.9.19

purl pkg:composer/drupal/core@8.9.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19

url pkg:composer/drupal/core@9.1.13

purl pkg:composer/drupal/core@9.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13

url pkg:composer/drupal/core@9.2.6

purl pkg:composer/drupal/core@9.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sdue-15dg-4ugt

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-yjm8-gadp-jkhr

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6

aliases CVE-2020-13676, GHSA-qfhg-m6r8-xxpj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5a9-jg34-3ubx

url VCID-wn4r-rc6m-xbhy

vulnerability_id VCID-wn4r-rc6m-xbhy

summary Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25278

reference_id

reference_type

scores

value	0.00479
scoring_system	epss
scoring_elements	0.65614
published_at	2026-06-13T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65611
published_at	2026-06-14T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65504
published_at	2026-06-11T12:55:00Z

value	0.00479
scoring_system	epss
scoring_elements	0.65604
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25278

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25278

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25278

reference_url

https://github.com/advisories/GHSA-cfh2-7f6h-3m85

reference_id

GHSA-cfh2-7f6h-3m85

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cfh2-7f6h-3m85

reference_url

https://www.drupal.org/sa-core-2022-013

reference_id

sa-core-2022-013

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:39:47Z/

url

https://www.drupal.org/sa-core-2022-013

fixed_packages

url pkg:composer/drupal/core@9.3.19

purl pkg:composer/drupal/core@9.3.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.19

url pkg:composer/drupal/core@9.4.3

purl pkg:composer/drupal/core@9.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-xrzg-mcnq-vqdb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.4.3

aliases CVE-2022-25278, GHSA-cfh2-7f6h-3m85

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wn4r-rc6m-xbhy

url VCID-xqdw-4kd4-pyg9

vulnerability_id VCID-xqdw-4kd4-pyg9

summary Drupal Core Access bypass vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13667

reference_id

reference_type

scores

value	0.00144
scoring_system	epss
scoring_elements	0.34673
published_at	2026-06-12T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34496
published_at	2026-06-11T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34677
published_at	2026-06-14T12:55:00Z

value	0.00144
scoring_system	epss
scoring_elements	0.34698
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13667

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-008

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-008

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13667

reference_id

CVE-2020-13667

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13667

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13667.yaml

reference_id

CVE-2020-13667.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13667.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13667.yaml

reference_id

CVE-2020-13667.YAML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13667.yaml

reference_url

https://github.com/advisories/GHSA-x2q9-r8gm-f657

reference_id

GHSA-x2q9-r8gm-f657

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x2q9-r8gm-f657

fixed_packages

url pkg:composer/drupal/core@8.8.10

purl pkg:composer/drupal/core@8.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10

url pkg:composer/drupal/core@8.9.6

purl pkg:composer/drupal/core@8.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6

url pkg:composer/drupal/core@9.0.6

purl pkg:composer/drupal/core@9.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6

aliases CVE-2020-13667, GHSA-x2q9-r8gm-f657

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqdw-4kd4-pyg9

url VCID-xrzg-mcnq-vqdb

vulnerability_id VCID-xrzg-mcnq-vqdb

summary

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.

Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-55638

reference_id

reference_type

scores

value	0.09932
scoring_system	epss
scoring_elements	0.93217
published_at	2026-06-14T12:55:00Z

value	0.09932
scoring_system	epss
scoring_elements	0.93191
published_at	2026-06-11T12:55:00Z

value	0.09932
scoring_system	epss
scoring_elements	0.93215
published_at	2026-06-13T12:55:00Z

value	0.09932
scoring_system	epss
scoring_elements	0.93214
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-55638

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-55638

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-55638

reference_url

https://github.com/advisories/GHSA-gvf2-2f4g-jqf4

reference_id

GHSA-gvf2-2f4g-jqf4

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gvf2-2f4g-jqf4

reference_url

https://www.drupal.org/sa-core-2024-008

reference_id

sa-core-2024-008

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:19:33Z/

url

https://www.drupal.org/sa-core-2024-008

fixed_packages

url pkg:composer/drupal/core@10.2.11

purl pkg:composer/drupal/core@10.2.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.2.11

url pkg:composer/drupal/core@10.3.9

purl pkg:composer/drupal/core@10.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.3.9

aliases CVE-2024-55638, GHSA-gvf2-2f4g-jqf4

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrzg-mcnq-vqdb

url VCID-xsma-2ryf-zqd4

vulnerability_id VCID-xsma-2ryf-zqd4

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13675

reference_id

reference_type

scores

value	0.00797
scoring_system	epss
scoring_elements	0.74504
published_at	2026-06-12T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74432
published_at	2026-06-11T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74516
published_at	2026-06-14T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74518
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13675

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-008

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-008

reference_url

reference_id

AVG-2407

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13675

reference_url

reference_id

CVE-2020-13675

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13675

reference_url

https://github.com/advisories/GHSA-v8wr-r69p-mmwx

reference_id

GHSA-v8wr-r69p-mmwx

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8wr-r69p-mmwx

fixed_packages

url pkg:composer/drupal/core@8.9.19

purl pkg:composer/drupal/core@8.9.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.19

url pkg:composer/drupal/core@9.1.13

purl pkg:composer/drupal/core@9.1.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.1.13

url pkg:composer/drupal/core@9.2.6

purl pkg:composer/drupal/core@9.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sdue-15dg-4ugt

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-yjm8-gadp-jkhr

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.6

aliases CVE-2020-13675, GHSA-v8wr-r69p-mmwx

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsma-2ryf-zqd4

url VCID-yku8-k9fs-d7c8

vulnerability_id VCID-yku8-k9fs-d7c8

summary Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13669

reference_id

reference_type

scores

value	0.00204
scoring_system	epss
scoring_elements	0.42605
published_at	2026-06-12T12:55:00Z

value	0.00204
scoring_system	epss
scoring_elements	0.42442
published_at	2026-06-11T12:55:00Z

value	0.00204
scoring_system	epss
scoring_elements	0.42616
published_at	2026-06-14T12:55:00Z

value	0.00204
scoring_system	epss
scoring_elements	0.42626
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13669

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-010

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2020-010

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13669

reference_id

CVE-2020-13669

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13669

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml

reference_id

CVE-2020-13669.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13669.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml

reference_id

CVE-2020-13669.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13669.yaml

reference_url

https://github.com/advisories/GHSA-c533-c843-67h8

reference_id

GHSA-c533-c843-67h8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c533-c843-67h8

fixed_packages

url pkg:composer/drupal/core@8.8.10

purl pkg:composer/drupal/core@8.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10

url pkg:composer/drupal/core@8.9.6

purl pkg:composer/drupal/core@8.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6

url pkg:composer/drupal/core@9.0.6

purl pkg:composer/drupal/core@9.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6

aliases CVE-2020-13669, GHSA-c533-c843-67h8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yku8-k9fs-d7c8

url VCID-ynha-d32y-6fdv

vulnerability_id VCID-ynha-d32y-6fdv

summary Drupal Core Cross-site scripting vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13688

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.57216
published_at	2026-06-12T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.57098
published_at	2026-06-11T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.57224
published_at	2026-06-14T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.5723
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13688

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13688

reference_url

reference_id

CVE-2020-13688

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13688

reference_url

https://github.com/advisories/GHSA-qf2g-mrrx-rr5p

reference_id

GHSA-qf2g-mrrx-rr5p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qf2g-mrrx-rr5p

fixed_packages

url pkg:composer/drupal/core@8.8.10

purl pkg:composer/drupal/core@8.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.8.10

url pkg:composer/drupal/core@8.9.6

purl pkg:composer/drupal/core@8.9.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57k5-xdsf-h3ch

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-k48k-jdda-zqbh

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-v7ya-c9mf-e7dp

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-w5a9-jg34-3ubx

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-xsma-2ryf-zqd4

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.9.6

url pkg:composer/drupal/core@9.0.6

purl pkg:composer/drupal/core@9.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-57nk-7ugd-vucf

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7r9b-pzqb-cqea

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-a4ps-1cdu-4ucv

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-ed3c-h2ww-j3gm

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-muhk-wbuy-97bu

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-qvsn-ab7h-cqc5

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-sqp3-huku-rqcc

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zxut-nxke-7fce

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.0.6

aliases CVE-2020-13688, GHSA-qf2g-mrrx-rr5p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynha-d32y-6fdv

url VCID-zxut-nxke-7fce

vulnerability_id VCID-zxut-nxke-7fce

summary Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25273

reference_id

reference_type

scores

value	0.0047
scoring_system	epss
scoring_elements	0.65123
published_at	2026-06-14T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.65015
published_at	2026-06-11T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.65126
published_at	2026-06-13T12:55:00Z

value	0.0047
scoring_system	epss
scoring_elements	0.65115
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25273

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25273

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25273

reference_url

https://github.com/advisories/GHSA-g36h-4jr6-qmm9

reference_id

GHSA-g36h-4jr6-qmm9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g36h-4jr6-qmm9

reference_url

https://www.drupal.org/sa-core-2022-008

reference_id

sa-core-2022-008

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/

url

https://www.drupal.org/sa-core-2022-008

fixed_packages

url pkg:composer/drupal/core@9.2.18

purl pkg:composer/drupal/core@9.2.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.2.18

url pkg:composer/drupal/core@9.3.12

purl pkg:composer/drupal/core@9.3.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1d2m-3ycf-3ycf

vulnerability	VCID-1w42-v1sq-fkac

vulnerability	VCID-227y-mp79-jydd

vulnerability	VCID-26ck-rher-hfg4

vulnerability	VCID-4sqe-bvj6-pkdq

vulnerability	VCID-7669-dguj-2qfd

vulnerability	VCID-7sar-42a4-kqdy

vulnerability	VCID-91kw-xn5d-pbbe

vulnerability	VCID-94he-hr4a-yygs

vulnerability	VCID-9jxk-pzre-4kgx

vulnerability	VCID-aqce-af3u-myd2

vulnerability	VCID-e5uh-sqmj-qyg7

vulnerability	VCID-eje5-fhmg-hbbt

vulnerability	VCID-ggb3-jgrj-hken

vulnerability	VCID-hdq9-fe9e-93hb

vulnerability	VCID-nhub-1map-n3by

vulnerability	VCID-nx17-duan-vyak

vulnerability	VCID-rf34-12k7-xbh4

vulnerability	VCID-tdsq-5bqr-aufq

vulnerability	VCID-vpn8-qteh-9yhz

vulnerability	VCID-wn4r-rc6m-xbhy

vulnerability	VCID-xrzg-mcnq-vqdb

vulnerability	VCID-zymc-a812-1ua5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@9.3.12

aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxut-nxke-7fce

url VCID-zymc-a812-1ua5

vulnerability_id VCID-zymc-a812-1ua5

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25276

reference_id

reference_type

scores

value	0.01831
scoring_system	epss
scoring_elements	0.83322
published_at	2026-06-11T12:55:00Z

value	0.01831
scoring_system	epss
scoring_elements	0.83383
published_at	2026-06-12T12:55:00Z

value	0.01831
scoring_system	epss
scoring_elements	0.83392
published_at	2026-06-13T12:55:00Z

value	0.01831
scoring_system	epss
scoring_elements	0.83388
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25276

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url