Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/drupal/drupal@9.3.12
Typecomposer
Namespacedrupal
Namedrupal
Version9.3.12
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version9.3.19
Latest_non_vulnerable_version11.0.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5jad-7hr3-eqh9
vulnerability_id VCID-5jad-7hr3-eqh9
summary 
Incorrect Authorization
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25274
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.38922
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25274
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T18:47:15Z/
url https://www.drupal.org/sa-core-2022-009
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25274
reference_id CVE-2022-25274
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25274
4
reference_url https://github.com/advisories/GHSA-7jr4-hgqx-vwgq
reference_id GHSA-7jr4-hgqx-vwgq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7jr4-hgqx-vwgq
fixed_packages
0
url pkg:composer/drupal/drupal@9.3.12
purl pkg:composer/drupal/drupal@9.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12
aliases CVE-2022-25274, GHSA-7jr4-hgqx-vwgq
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5jad-7hr3-eqh9
1
url VCID-h93x-dbpr-q7cz
vulnerability_id VCID-h93x-dbpr-q7cz
summary 
Improper Input Validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
reference_id
reference_type
scores
0
value 0.00474
scoring_system epss
scoring_elements 0.65065
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25273
1
reference_url https://github.com/drupal/core
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/drupal/core
2
reference_url https://www.drupal.org/sa-core-2022-008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:19:11Z/
url https://www.drupal.org/sa-core-2022-008
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
reference_id CVE-2022-25273
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25273
4
reference_url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
reference_id GHSA-g36h-4jr6-qmm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g36h-4jr6-qmm9
fixed_packages
0
url pkg:composer/drupal/drupal@9.2.18
purl pkg:composer/drupal/drupal@9.2.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.2.18
1
url pkg:composer/drupal/drupal@9.3.12
purl pkg:composer/drupal/drupal@9.3.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12
aliases CVE-2022-25273, GHSA-g36h-4jr6-qmm9
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h93x-dbpr-q7cz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@9.3.12