Lookup for vulnerable packages by Package URL.
| Purl | pkg:composer/drupal/core@10.4.9 |
|---|
| Type | composer |
|---|
| Namespace | drupal |
|---|
| Name | core |
|---|
| Version | 10.4.9 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 10.5.6 |
|---|
| Latest_non_vulnerable_version | 11.3.7 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-a3s2-c4k2-4ufn |
| vulnerability_id |
VCID-a3s2-c4k2-4ufn |
| summary |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13083 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01492 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01486 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01495 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00011 |
| scoring_system |
epss |
| scoring_elements |
0.01484 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13083 |
|
| 1 |
| reference_url |
https://github.com/drupal/core |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
1.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/drupal/core |
|
| 2 |
| reference_url |
https://www.drupal.org/sa-core-2025-008 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
3.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
1.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:31:33Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2025-008 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-13083, GHSA-mhpg-hpj5-73r2
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a3s2-c4k2-4ufn |
|
| 1 |
| url |
VCID-kzrs-mrga-nyej |
| vulnerability_id |
VCID-kzrs-mrga-nyej |
| summary |
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13082 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13805 |
| published_at |
2026-06-08T12:55:00Z |
|
| 1 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13889 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13926 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00044 |
| scoring_system |
epss |
| scoring_elements |
0.13922 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13082 |
|
| 1 |
|
| 2 |
| reference_url |
https://www.drupal.org/sa-core-2025-007 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:32:40Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2025-007 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-13082, GHSA-h89p-5896-f4q8
|
| risk_score |
1.5 |
| exploitability |
0.5 |
| weighted_severity |
3.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kzrs-mrga-nyej |
|
| 2 |
| url |
VCID-p54u-b18k-jyft |
| vulnerability_id |
VCID-p54u-b18k-jyft |
| summary |
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13080 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00093 |
| scoring_system |
epss |
| scoring_elements |
0.26032 |
| published_at |
2026-06-08T12:55:00Z |
|
| 1 |
| value |
0.00093 |
| scoring_system |
epss |
| scoring_elements |
0.26087 |
| published_at |
2026-06-07T12:55:00Z |
|
| 2 |
| value |
0.00093 |
| scoring_system |
epss |
| scoring_elements |
0.26133 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00093 |
| scoring_system |
epss |
| scoring_elements |
0.26138 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13080 |
|
| 1 |
|
| 2 |
| reference_url |
https://www.drupal.org/sa-core-2025-005 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
|
| 1 |
| value |
2.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-18T20:35:13Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2025-005 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-13080, GHSA-83v7-c2cf-p9c2
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p54u-b18k-jyft |
|
| 3 |
| url |
VCID-yq4q-hydz-vuga |
| vulnerability_id |
VCID-yq4q-hydz-vuga |
| summary |
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13081 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00135 |
| scoring_system |
epss |
| scoring_elements |
0.33104 |
| published_at |
2026-06-06T12:55:00Z |
|
| 1 |
| value |
0.00135 |
| scoring_system |
epss |
| scoring_elements |
0.33035 |
| published_at |
2026-06-08T12:55:00Z |
|
| 2 |
| value |
0.00135 |
| scoring_system |
epss |
| scoring_elements |
0.33067 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00135 |
| scoring_system |
epss |
| scoring_elements |
0.33091 |
| published_at |
2026-06-05T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-13081 |
|
| 1 |
| reference_url |
https://github.com/drupal/core |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
4.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/drupal/core |
|
| 2 |
| reference_url |
https://www.drupal.org/sa-core-2025-006 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
4.5 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-19T04:55:20Z/ |
|
|
| url |
https://www.drupal.org/sa-core-2025-006 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-13081, GHSA-m6vv-vcj8-w8m7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yq4q-hydz-vuga |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:composer/drupal/core@10.4.9 |
|---|