Search for packages
| purl | pkg:composer/drupal/core@8.0.0-alpha0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4uee-2dmr-akbh
Aliases: CVE-2017-6919 GHSA-6hpj-9xj7-2jxx |
Drupal access control bypass vulnerability Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. |
Affected by 63 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 60 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-djr8-k9kb-6ua1
Aliases: CVE-2018-7600 GHSA-7fh9-933g-885p |
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. |
Affected by 61 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 49 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 49 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 51 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T09:22:38.539821+00:00 | GitLab Importer | Affected by | VCID-djr8-k9kb-6ua1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2018-7600.yml | 37.0.0 |
| 2025-07-31T09:21:50.372513+00:00 | GitLab Importer | Affected by | VCID-4uee-2dmr-akbh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2017-6919.yml | 37.0.0 |