{"url":"http://public2.vulnerablecode.io/api/packages/51565?format=json","purl":"pkg:composer/drupal/core@7.38.0","type":"composer","namespace":"drupal","name":"core","version":"7.38.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.56.0","latest_non_vulnerable_version":"11.2.8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10898?format=json","vulnerability_id":"VCID-55x9-nh66-1qh5","summary":"Open redirect via path manipulation\nDrupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3164","reference_id":"","reference_type":"","scores":[{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72325","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3164"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2016-001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3164","reference_id":"CVE-2016-3164","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3164"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51569?format=json","purl":"pkg:composer/drupal/core@8.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.4"}],"aliases":["CVE-2016-3164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-55x9-nh66-1qh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6349?format=json","vulnerability_id":"VCID-73wt-yx56-tqd4","summary":"open redirect","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9451","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30451","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9451"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-005","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2016-005"},{"reference_url":"http://www.securityfocus.com/bid/94367","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94367"},{"reference_url":"https://security.archlinux.org/AVG-75","reference_id":"AVG-75","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-75"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9451","reference_id":"CVE-2016-9451","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9451"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51568?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ef-6vth-nugg"},{"vulnerability":"VCID-163u-tpj9-skc5"},{"vulnerability":"VCID-1jfe-j1fz-juec"},{"vulnerability":"VCID-1jvt-6dac-7qc5"},{"vulnerability":"VCID-1unn-dn56-vufe"},{"vulnerability":"VCID-1xsh-7f63-v3df"},{"vulnerability":"VCID-3k2a-rajw-87cb"},{"vulnerability":"VCID-3x3y-uf5e-m7hw"},{"vulnerability":"VCID-49e1-axzk-3bdq"},{"vulnerability":"VCID-4p5n-ujzt-qfdx"},{"vulnerability":"VCID-5821-1xss-8fdu"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-757r-nv73-gfhg"},{"vulnerability":"VCID-7kzf-7csh-wkds"},{"vulnerability":"VCID-7qhc-n6hc-ukbu"},{"vulnerability":"VCID-8fxw-fw46-yuar"},{"vulnerability":"VCID-9bsd-gqyd-cuh5"},{"vulnerability":"VCID-9ju9-nhf2-wfbe"},{"vulnerability":"VCID-9ux4-434v-jbb9"},{"vulnerability":"VCID-ardj-zyxg-9ued"},{"vulnerability":"VCID-az1b-uzab-jqdh"},{"vulnerability":"VCID-b2x6-54c3-jqa2"},{"vulnerability":"VCID-bnw7-px2h-ubha"},{"vulnerability":"VCID-cfty-fvf7-3kcx"},{"vulnerability":"VCID-d173-npte-yqdt"},{"vulnerability":"VCID-e8mp-5awh-eybz"},{"vulnerability":"VCID-ezsv-96h9-x3ah"},{"vulnerability":"VCID-f687-ubdn-37en"},{"vulnerability":"VCID-fmc9-t9a1-5fcx"},{"vulnerability":"VCID-fmyh-mnq6-uyb9"},{"vulnerability":"VCID-fx6n-du84-yya2"},{"vulnerability":"VCID-fy43-ubmr-pfhu"},{"vulnerability":"VCID-g6px-rqtp-vqev"},{"vulnerability":"VCID-gr7c-tbh9-ayh6"},{"vulnerability":"VCID-h93x-dbpr-q7cz"},{"vulnerability":"VCID-hz2k-at38-wbeb"},{"vulnerability":"VCID-j1yc-pqhw-pbh1"},{"vulnerability":"VCID-j2g3-u36y-nqdv"},{"vulnerability":"VCID-j4r9-8g22-vydm"},{"vulnerability":"VCID-j545-f44v-w3cn"},{"vulnerability":"VCID-j59x-5swn-fuga"},{"vulnerability":"VCID-jgec-wuca-bbf1"},{"vulnerability":"VCID-ksza-1wkb-hug6"},{"vulnerability":"VCID-ktfj-va32-2kbe"},{"vulnerability":"VCID-n6tq-72g7-afdg"},{"vulnerability":"VCID-nf7d-x5nj-d3dc"},{"vulnerability":"VCID-nfzm-eyht-kkb1"},{"vulnerability":"VCID-ngmk-qxmz-gkdz"},{"vulnerability":"VCID-nqz7-ej49-ckay"},{"vulnerability":"VCID-phkw-q4nd-m7hh"},{"vulnerability":"VCID-pyjy-13mt-cyck"},{"vulnerability":"VCID-qf91-4h5f-fuhv"},{"vulnerability":"VCID-re2h-u5bk-wqbw"},{"vulnerability":"VCID-s6ek-bjnx-9fc1"},{"vulnerability":"VCID-s8d1-k9q4-nkds"},{"vulnerability":"VCID-sbnt-qndd-xubz"},{"vulnerability":"VCID-svhr-wt5d-xbbq"},{"vulnerability":"VCID-txkf-hpah-r3hu"},{"vulnerability":"VCID-unh6-xwtu-mkbt"},{"vulnerability":"VCID-vbkh-vghp-qqht"},{"vulnerability":"VCID-vby4-6r8z-6qgy"},{"vulnerability":"VCID-vtwk-c1zr-jue5"},{"vulnerability":"VCID-vzwv-ueuz-myar"},{"vulnerability":"VCID-w85b-dws8-uyf1"},{"vulnerability":"VCID-yy7m-f66v-fbhz"},{"vulnerability":"VCID-z833-upr5-4ug5"},{"vulnerability":"VCID-zw77-b3nt-gbag"},{"vulnerability":"VCID-zye6-b5h4-kqch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"}],"aliases":["CVE-2016-9451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73wt-yx56-tqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10885?format=json","vulnerability_id":"VCID-fbqa-6fpw-kyg9","summary":"Saving user accounts can sometimes grant the user all roles\nThe User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3169","reference_id":"","reference_type":"","scores":[{"value":"0.01016","scoring_system":"epss","scoring_elements":"0.77468","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3169"},{"reference_url":"https://www.drupal.org/SA-CORE-2016-001","reference_id":"","reference_type":"","scores":[],"url":"https://www.drupal.org/SA-CORE-2016-001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3169","reference_id":"CVE-2016-3169","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3169"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51568?format=json","purl":"pkg:composer/drupal/core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13ef-6vth-nugg"},{"vulnerability":"VCID-163u-tpj9-skc5"},{"vulnerability":"VCID-1jfe-j1fz-juec"},{"vulnerability":"VCID-1jvt-6dac-7qc5"},{"vulnerability":"VCID-1unn-dn56-vufe"},{"vulnerability":"VCID-1xsh-7f63-v3df"},{"vulnerability":"VCID-3k2a-rajw-87cb"},{"vulnerability":"VCID-3x3y-uf5e-m7hw"},{"vulnerability":"VCID-49e1-axzk-3bdq"},{"vulnerability":"VCID-4p5n-ujzt-qfdx"},{"vulnerability":"VCID-5821-1xss-8fdu"},{"vulnerability":"VCID-5txj-xsnq-ducf"},{"vulnerability":"VCID-757r-nv73-gfhg"},{"vulnerability":"VCID-7kzf-7csh-wkds"},{"vulnerability":"VCID-7qhc-n6hc-ukbu"},{"vulnerability":"VCID-8fxw-fw46-yuar"},{"vulnerability":"VCID-9bsd-gqyd-cuh5"},{"vulnerability":"VCID-9ju9-nhf2-wfbe"},{"vulnerability":"VCID-9ux4-434v-jbb9"},{"vulnerability":"VCID-ardj-zyxg-9ued"},{"vulnerability":"VCID-az1b-uzab-jqdh"},{"vulnerability":"VCID-b2x6-54c3-jqa2"},{"vulnerability":"VCID-bnw7-px2h-ubha"},{"vulnerability":"VCID-cfty-fvf7-3kcx"},{"vulnerability":"VCID-d173-npte-yqdt"},{"vulnerability":"VCID-e8mp-5awh-eybz"},{"vulnerability":"VCID-ezsv-96h9-x3ah"},{"vulnerability":"VCID-f687-ubdn-37en"},{"vulnerability":"VCID-fmc9-t9a1-5fcx"},{"vulnerability":"VCID-fmyh-mnq6-uyb9"},{"vulnerability":"VCID-fx6n-du84-yya2"},{"vulnerability":"VCID-fy43-ubmr-pfhu"},{"vulnerability":"VCID-g6px-rqtp-vqev"},{"vulnerability":"VCID-gr7c-tbh9-ayh6"},{"vulnerability":"VCID-h93x-dbpr-q7cz"},{"vulnerability":"VCID-hz2k-at38-wbeb"},{"vulnerability":"VCID-j1yc-pqhw-pbh1"},{"vulnerability":"VCID-j2g3-u36y-nqdv"},{"vulnerability":"VCID-j4r9-8g22-vydm"},{"vulnerability":"VCID-j545-f44v-w3cn"},{"vulnerability":"VCID-j59x-5swn-fuga"},{"vulnerability":"VCID-jgec-wuca-bbf1"},{"vulnerability":"VCID-ksza-1wkb-hug6"},{"vulnerability":"VCID-ktfj-va32-2kbe"},{"vulnerability":"VCID-n6tq-72g7-afdg"},{"vulnerability":"VCID-nf7d-x5nj-d3dc"},{"vulnerability":"VCID-nfzm-eyht-kkb1"},{"vulnerability":"VCID-ngmk-qxmz-gkdz"},{"vulnerability":"VCID-nqz7-ej49-ckay"},{"vulnerability":"VCID-phkw-q4nd-m7hh"},{"vulnerability":"VCID-pyjy-13mt-cyck"},{"vulnerability":"VCID-qf91-4h5f-fuhv"},{"vulnerability":"VCID-re2h-u5bk-wqbw"},{"vulnerability":"VCID-s6ek-bjnx-9fc1"},{"vulnerability":"VCID-s8d1-k9q4-nkds"},{"vulnerability":"VCID-sbnt-qndd-xubz"},{"vulnerability":"VCID-svhr-wt5d-xbbq"},{"vulnerability":"VCID-txkf-hpah-r3hu"},{"vulnerability":"VCID-unh6-xwtu-mkbt"},{"vulnerability":"VCID-vbkh-vghp-qqht"},{"vulnerability":"VCID-vby4-6r8z-6qgy"},{"vulnerability":"VCID-vtwk-c1zr-jue5"},{"vulnerability":"VCID-vzwv-ueuz-myar"},{"vulnerability":"VCID-w85b-dws8-uyf1"},{"vulnerability":"VCID-yy7m-f66v-fbhz"},{"vulnerability":"VCID-z833-upr5-4ug5"},{"vulnerability":"VCID-zw77-b3nt-gbag"},{"vulnerability":"VCID-zye6-b5h4-kqch"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@8.0.0"}],"aliases":["CVE-2016-3169"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbqa-6fpw-kyg9"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@7.38.0"}