VulnerableCode Package Details - pkg:composer/drupal/core@10.3.0-beta1

Search for packages

Vulnerability	Summary	Fixed by
VCID-nhhw-dxca-eqhr Aliases: CVE-2025-31673 GHSA-wpp8-fjgf-pwc7	Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	10.3.13 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.3 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.12 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.3 Affected by 0 other vulnerabilities.
VCID-v81n-gjq6-fycy Aliases: CVE-2025-31674 GHSA-2qph-q8xw-gv7q	Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	10.3.13 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.3 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.12 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.3 Affected by 0 other vulnerabilities.
VCID-vsp2-5z41-2bbz Aliases: CVE-2025-31675 GHSA-m4wj-hhwj-47qp	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.	10.3.14 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.5 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.13 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.5 Affected by 0 other vulnerabilities.
VCID-xja8-hukq-qub7 Aliases: CVE-2025-3057 GHSA-39g6-x4x8-5jcm	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	10.3.13 Affected by 0 other vulnerabilities. 10.4.0-beta1 Affected by 0 other vulnerabilities. 10.4.3 Affected by 0 other vulnerabilities. 11.0.0-alpha1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.12 Affected by 0 other vulnerabilities. 11.1.0-beta1 Affected by 0 other vulnerabilities. 11.1.3 Affected by 0 other vulnerabilities.
VCID-y3g8-ayqw-5fer Aliases: CVE-2024-45440 GHSA-mg8j-w93w-xjgc	core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.	10.3.6 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.0-alpha1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.0.5 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-nhhw-dxca-eqhr
Aliases:
CVE-2025-31673
GHSA-wpp8-fjgf-pwc7

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

10.3.13
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.3
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 2 other vulnerabilities.

11.0.12
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.3
Affected by 0 other vulnerabilities.

VCID-v81n-gjq6-fycy
Aliases:
CVE-2025-31674
GHSA-2qph-q8xw-gv7q

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

10.3.13
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.3
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 2 other vulnerabilities.

11.0.12
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.3
Affected by 0 other vulnerabilities.

VCID-vsp2-5z41-2bbz
Aliases:
CVE-2025-31675
GHSA-m4wj-hhwj-47qp

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.

10.3.14
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.5
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 2 other vulnerabilities.

11.0.13
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.5
Affected by 0 other vulnerabilities.

VCID-xja8-hukq-qub7
Aliases:
CVE-2025-3057
GHSA-39g6-x4x8-5jcm

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

10.3.13
Affected by 0 other vulnerabilities.

10.4.0-beta1
Affected by 0 other vulnerabilities.

10.4.3
Affected by 0 other vulnerabilities.

11.0.0-alpha1
Affected by 2 other vulnerabilities.

11.0.12
Affected by 0 other vulnerabilities.

11.1.0-beta1
Affected by 0 other vulnerabilities.

11.1.3
Affected by 0 other vulnerabilities.

VCID-y3g8-ayqw-5fer
Aliases:
CVE-2024-45440
GHSA-mg8j-w93w-xjgc

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

10.3.6
Affected by 9 other vulnerabilities.

11.0.0-alpha1
Affected by 2 other vulnerabilities.

11.0.5
Affected by 8 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-y3g8-ayqw-5fer	core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.	CVE-2024-45440 GHSA-mg8j-w93w-xjgc

Vulnerability

Summary

Aliases

VCID-y3g8-ayqw-5fer

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

CVE-2024-45440
GHSA-mg8j-w93w-xjgc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:19:31.847593+00:00	GitLab Importer	Affected by	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.1.3
2025-06-20T17:19:27.295206+00:00	GitLab Importer	Affected by	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.1.3
2025-06-20T17:19:26.084519+00:00	GitLab Importer	Affected by	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.1.3
2025-06-20T17:19:24.986294+00:00	GitLab Importer	Affected by	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.1.3
2025-06-20T17:07:02.629655+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.3
2025-06-20T17:07:00.302169+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.3
2025-06-03T23:54:26.537994+00:00	GitLab Importer	Affected by	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.1.0
2025-06-03T23:54:22.360226+00:00	GitLab Importer	Affected by	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.1.0
2025-06-03T23:54:21.277511+00:00	GitLab Importer	Affected by	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.1.0
2025-06-03T23:54:20.250741+00:00	GitLab Importer	Affected by	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.1.0
2025-06-03T23:43:10.067742+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.0
2025-06-03T23:43:07.983587+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.0
2025-06-02T23:53:23.990175+00:00	GitLab Importer	Affected by	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.1.2
2025-06-02T23:53:19.585005+00:00	GitLab Importer	Affected by	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.1.2
2025-06-02T23:53:18.368829+00:00	GitLab Importer	Affected by	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.1.2
2025-06-02T23:53:17.334685+00:00	GitLab Importer	Affected by	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.1.2
2025-06-02T23:41:28.306167+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.2
2025-06-02T23:41:25.925762+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.2
2025-05-15T01:18:27.119382+00:00	GitLab Importer	Affected by	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.0.0
2025-05-15T01:18:16.548336+00:00	GitLab Importer	Affected by	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.0.0
2025-05-15T01:18:13.639788+00:00	GitLab Importer	Affected by	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.0.0
2025-05-15T01:18:11.090676+00:00	GitLab Importer	Affected by	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.0.0
2025-04-03T22:21:49.881405+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.0.0
2025-04-03T22:21:46.534237+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.0.0
2025-02-18T04:08:11.628791+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.1.0
2025-02-18T04:08:09.757310+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.1.0
2024-11-21T01:15:37.912797+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.0.0
2024-11-21T01:15:36.146203+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.0.0
2024-11-19T01:03:34.417087+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.3.2
2024-11-19T01:03:32.548298+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.3.2
2024-10-17T05:20:03.263284+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.0.2
2024-10-17T02:06:20.398616+00:00	GHSA Importer	Fixing	VCID-y3g8-ayqw-5fer	https://github.com/advisories/GHSA-mg8j-w93w-xjgc	34.0.2
2024-10-08T01:41:07.561962+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.0.2
2024-10-07T22:21:44.161490+00:00	GHSA Importer	Affected by	VCID-y3g8-ayqw-5fer	https://github.com/advisories/GHSA-mg8j-w93w-xjgc	34.0.2
2024-09-29T10:14:27.826320+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.0.1
2024-09-29T07:08:19.714736+00:00	GHSA Importer	Affected by	VCID-y3g8-ayqw-5fer	https://github.com/advisories/GHSA-mg8j-w93w-xjgc	34.0.1