Search for packages
Package details: pkg:alpm/archlinux/drupal@9.0.6-2
purl pkg:alpm/archlinux/drupal@9.0.6-2
Next non-vulnerable version 9.1.10-1
Latest non-vulnerable version 9.2.9-1
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-prpe-f8kr-aaam
Aliases:
CVE-2020-13672
GHSA-3m36-mjwj-352c
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80.
9.1.7-1
Affected by 1 other vulnerability.
VCID-unxt-vez2-aaad
Aliases:
CVE-2020-36193
GHSA-rpw6-9xfx-jvcx
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
9.1.7-1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:44:11.195770+00:00 Arch Linux Importer Affected by VCID-prpe-f8kr-aaam https://security.archlinux.org/AVG-1463 36.0.0
2025-03-28T07:44:11.174718+00:00 Arch Linux Importer Affected by VCID-unxt-vez2-aaad https://security.archlinux.org/AVG-1463 36.0.0
2024-09-18T01:59:18.089609+00:00 Arch Linux Importer Affected by VCID-prpe-f8kr-aaam https://security.archlinux.org/AVG-1463 34.0.1
2024-09-18T01:59:18.061874+00:00 Arch Linux Importer Affected by VCID-unxt-vez2-aaad https://security.archlinux.org/AVG-1463 34.0.1
2024-01-03T22:25:35.347997+00:00 Arch Linux Importer Affected by VCID-prpe-f8kr-aaam https://security.archlinux.org/AVG-1463 34.0.0rc1
2024-01-03T22:25:35.328516+00:00 Arch Linux Importer Affected by VCID-unxt-vez2-aaad https://security.archlinux.org/AVG-1463 34.0.0rc1