Search for packages
| purl | pkg:composer/drupal/drupal@8.5.0-alpha0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4xk4-5nps-4fcd
Aliases: SA-CORE-2018-003 |
XSS Vulnerability CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It's possible to execute XSS inside CKEditor when using the `image2` plugin. |
Affected by 37 other vulnerabilities. |
|
VCID-7b3c-7vac-v7aj
Aliases: CVE-2018-7602 GHSA-297x-j9pm-xjgg |
Drupal Core Remote Code Execution Vulnerability A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. |
Affected by 36 other vulnerabilities. |
|
VCID-djr8-k9kb-6ua1
Aliases: CVE-2018-7600 GHSA-7fh9-933g-885p |
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. |
Affected by 39 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T09:23:03.166799+00:00 | GitLab Importer | Affected by | VCID-7b3c-7vac-v7aj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2018-7602.yml | 37.0.0 |
| 2025-07-31T09:22:38.483169+00:00 | GitLab Importer | Affected by | VCID-djr8-k9kb-6ua1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/CVE-2018-7600.yml | 37.0.0 |
| 2025-07-31T09:22:37.293944+00:00 | GitLab Importer | Affected by | VCID-4xk4-5nps-4fcd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/drupal/SA-CORE-2018-003.yml | 37.0.0 |