VulnerableCode Package Details - pkg:composer/drupal/core@11.0.0-alpha1

Search for packages

Vulnerability	Summary	Fixed by
VCID-azrn-adcp-aaas Aliases: GHSA-6gf6-24h2-66j4	Drupal core Open Redirect vulnerability	There are no reported fixed by versions.
VCID-y3g8-ayqw-5fer Aliases: CVE-2024-45440 GHSA-mg8j-w93w-xjgc	core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.	11.0.5 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-azrn-adcp-aaas
Aliases:
GHSA-6gf6-24h2-66j4

Drupal core Open Redirect vulnerability

There are no reported fixed by versions.

VCID-y3g8-ayqw-5fer
Aliases:
CVE-2024-45440
GHSA-mg8j-w93w-xjgc

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

11.0.5
Affected by 8 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-nhhw-dxca-eqhr	Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	CVE-2025-31673 GHSA-wpp8-fjgf-pwc7
VCID-v81n-gjq6-fycy	Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	CVE-2025-31674 GHSA-2qph-q8xw-gv7q
VCID-vsp2-5z41-2bbz	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.	CVE-2025-31675 GHSA-m4wj-hhwj-47qp
VCID-xja8-hukq-qub7	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.	CVE-2025-3057 GHSA-39g6-x4x8-5jcm
VCID-y3g8-ayqw-5fer	core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.	CVE-2024-45440 GHSA-mg8j-w93w-xjgc

Vulnerability

Summary

Aliases

VCID-nhhw-dxca-eqhr

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

CVE-2025-31673
GHSA-wpp8-fjgf-pwc7

VCID-v81n-gjq6-fycy

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

CVE-2025-31674
GHSA-2qph-q8xw-gv7q

VCID-vsp2-5z41-2bbz

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.

CVE-2025-31675
GHSA-m4wj-hhwj-47qp

VCID-xja8-hukq-qub7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

CVE-2025-3057
GHSA-39g6-x4x8-5jcm

VCID-y3g8-ayqw-5fer

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

CVE-2024-45440
GHSA-mg8j-w93w-xjgc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:19:31.886234+00:00	GitLab Importer	Fixing	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.1.3
2025-06-20T17:19:27.338094+00:00	GitLab Importer	Fixing	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.1.3
2025-06-20T17:19:26.122263+00:00	GitLab Importer	Fixing	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.1.3
2025-06-20T17:19:25.024386+00:00	GitLab Importer	Fixing	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.1.3
2025-06-20T17:07:15.105858+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.3
2025-06-20T17:07:00.320525+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.3
2025-06-20T16:59:06.802196+00:00	GitLab Importer	Affected by	VCID-azrn-adcp-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-6gf6-24h2-66j4.yml	36.1.3
2025-06-03T23:54:26.568430+00:00	GitLab Importer	Fixing	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.1.0
2025-06-03T23:54:22.396962+00:00	GitLab Importer	Fixing	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.1.0
2025-06-03T23:54:21.307923+00:00	GitLab Importer	Fixing	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.1.0
2025-06-03T23:54:20.287430+00:00	GitLab Importer	Fixing	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.1.0
2025-06-03T23:43:21.547213+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.0
2025-06-03T23:43:07.998277+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.0
2025-06-03T23:35:42.149575+00:00	GitLab Importer	Affected by	VCID-azrn-adcp-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-6gf6-24h2-66j4.yml	36.1.0
2025-06-02T23:53:24.028506+00:00	GitLab Importer	Fixing	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.1.2
2025-06-02T23:53:19.622793+00:00	GitLab Importer	Fixing	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.1.2
2025-06-02T23:53:18.401130+00:00	GitLab Importer	Fixing	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.1.2
2025-06-02T23:53:17.372570+00:00	GitLab Importer	Fixing	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.1.2
2025-06-02T23:41:40.623085+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.2
2025-06-02T23:41:25.943829+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.1.2
2025-06-02T23:33:48.669985+00:00	GitLab Importer	Affected by	VCID-azrn-adcp-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-6gf6-24h2-66j4.yml	36.1.2
2025-05-15T01:18:27.223832+00:00	GitLab Importer	Fixing	VCID-vsp2-5z41-2bbz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31675.yml	36.0.0
2025-05-15T01:18:16.653149+00:00	GitLab Importer	Fixing	VCID-xja8-hukq-qub7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-3057.yml	36.0.0
2025-05-15T01:18:13.745413+00:00	GitLab Importer	Fixing	VCID-v81n-gjq6-fycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31674.yml	36.0.0
2025-05-15T01:18:11.202054+00:00	GitLab Importer	Fixing	VCID-nhhw-dxca-eqhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2025-31673.yml	36.0.0
2025-04-03T22:22:15.299035+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.0.0
2025-04-03T22:21:46.578700+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	36.0.0
2025-04-03T22:07:19.573618+00:00	GitLab Importer	Affected by	VCID-azrn-adcp-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-6gf6-24h2-66j4.yml	36.0.0
2025-02-18T04:08:13.534239+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.1.0
2025-02-18T04:08:09.781601+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.1.0
2025-02-18T01:08:57.904518+00:00	GitLab Importer	Affected by	VCID-azrn-adcp-aaas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/GHSA-6gf6-24h2-66j4.yml	35.1.0
2024-11-21T01:15:39.839467+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.0.0
2024-11-21T01:15:36.170995+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	35.0.0
2024-11-19T01:03:36.284558+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.3.2
2024-11-19T01:03:32.573312+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.3.2
2024-10-08T01:41:09.464897+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.0.2
2024-10-08T01:41:07.586271+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.0.2
2024-10-07T22:21:54.979755+00:00	GHSA Importer	Affected by	VCID-y3g8-ayqw-5fer	https://github.com/advisories/GHSA-mg8j-w93w-xjgc	34.0.2
2024-10-07T22:21:44.185409+00:00	GHSA Importer	Fixing	VCID-y3g8-ayqw-5fer	https://github.com/advisories/GHSA-mg8j-w93w-xjgc	34.0.2
2024-10-07T03:01:52.586147+00:00	GitLab Importer	Fixing	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.0.1
2024-10-06T23:54:28.497903+00:00	GHSA Importer	Fixing	VCID-y3g8-ayqw-5fer	https://github.com/advisories/GHSA-mg8j-w93w-xjgc	34.0.1
2024-09-29T10:14:27.850190+00:00	GitLab Importer	Affected by	VCID-y3g8-ayqw-5fer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2024-45440.yml	34.0.1
2024-09-29T07:08:19.744848+00:00	GHSA Importer	Affected by	VCID-y3g8-ayqw-5fer	https://github.com/advisories/GHSA-mg8j-w93w-xjgc	34.0.1