VulnerableCode Package Details - pkg:composer/drupal/core@10.3.0-beta1

Search for packages

Vulnerability	Summary	Fixed by
VCID-gb3e-bf77-4qbh Aliases: CVE-2025-31674 GHSA-2qph-q8xw-gv7q	Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	10.3.13 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.3 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 0 other vulnerabilities. 11.0.12 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.3 Affected by 0 other vulnerabilities.
VCID-mv7g-hw9g-s7cv Aliases: CVE-2025-31673 GHSA-wpp8-fjgf-pwc7	Drupal Core Vulnerable to Forceful Browsing Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	10.3.13 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.3 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 0 other vulnerabilities. 11.0.12 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.3 Affected by 0 other vulnerabilities.
VCID-uv8x-gggk-wuep Aliases: CVE-2025-3057 GHSA-39g6-x4x8-5jcm	Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	10.3.13 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.3 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 0 other vulnerabilities. 11.0.12 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.3 Affected by 0 other vulnerabilities.
VCID-vjpd-fkcc-t3ac Aliases: CVE-2025-31675 GHSA-m4wj-hhwj-47qp	Drupal Core Cross-Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.	10.3.14 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.5 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 0 other vulnerabilities. 11.0.13 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-gb3e-bf77-4qbh
Aliases:
CVE-2025-31674
GHSA-2qph-q8xw-gv7q

Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

10.3.13
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.3
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 0 other vulnerabilities.

11.0.12
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.3
Affected by 0 other vulnerabilities.

VCID-mv7g-hw9g-s7cv
Aliases:
CVE-2025-31673
GHSA-wpp8-fjgf-pwc7

Drupal Core Vulnerable to Forceful Browsing Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

10.3.13
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.3
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 0 other vulnerabilities.

11.0.12
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.3
Affected by 0 other vulnerabilities.

VCID-uv8x-gggk-wuep
Aliases:
CVE-2025-3057
GHSA-39g6-x4x8-5jcm

Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

10.3.13
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.3
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 0 other vulnerabilities.

11.0.12
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.3
Affected by 0 other vulnerabilities.

VCID-vjpd-fkcc-t3ac
Aliases:
CVE-2025-31675
GHSA-m4wj-hhwj-47qp

Drupal Core Cross-Site Scripting (XSS) Vulnerability Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.

10.3.14
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.5
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 0 other vulnerabilities.

11.0.13
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.5
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T12:16:54.492397+00:00	GitLab Importer	Affected by	VCID-vjpd-fkcc-t3ac	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	37.0.0
2025-08-01T12:16:45.185560+00:00	GitLab Importer	Affected by	VCID-uv8x-gggk-wuep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	37.0.0
2025-08-01T12:16:42.753861+00:00	GitLab Importer	Affected by	VCID-gb3e-bf77-4qbh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	37.0.0
2025-08-01T12:16:40.473035+00:00	GitLab Importer	Affected by	VCID-mv7g-hw9g-s7cv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	37.0.0
2025-08-01T11:54:09.016548+00:00	GitLab Importer	Fixing	VCID-gz6t-uvpw-4keu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	37.0.0