Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
packagist drupal/drupal Security Advisories
Loading...
High
Ecosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 2 years ago
GSA_kwCzR0hTQS1tNmNoLWdnNWYtd3h4M805QQ
HTTP Proxy header vulnerabilityEcosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 2 years ago
Moderate
Ecosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4
ckeditor4 vulnerable to cross-site scriptingEcosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: almost 3 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapperEcosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 14 days ago
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 14 days ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD
Drupal PECL YAML parser unsafe object handlingEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in DrupalEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access ControlEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisionsEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
GSA_kwCzR0hTQS1mcnFmLTlxcjQtNnZ4Zs4AAc9G
Drupal Saving user accounts can sometimes grant the user all rolesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA
Drupal Core Arbitrary PHP code execution vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous TypeEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw
Drupal Core Cross-Site Request Forgery (CSRF) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
GSA_kwCzR0hTQS02OWc4LWc5anEtNzR2N84AAdW6
Drupal arbitrary code executionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1xM3A5LTg3Mjgtd3E3eM4AAdZM
Drupal saving user accounts can sometimes grant the user all rolesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
GSA_kwCzR0hTQS0zZ3g2LWg1N2gtcm0yN84AAQKY
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
GSA_kwCzR0hTQS0ycDI4LTVtdnAtMmoycs4AAXMk
Drupal Comment reply form allows access to restricted contentEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
GSA_kwCzR0hTQS0zMzI3LWpyOTMtN2hxM84AASZL
Drupal access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1yaHg5LTNxZjctcjNqN84AASYD
Drupal Remote code executionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
GSA_kwCzR0hTQS13MnBqLWM4eDUtanZnMs4AAdXp
Drupal File upload access bypass and denial of serviceEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS13N3F4LXZ3cjktMmozcs4AASX9
Drupal editor module incorrectly checks access to inline private filesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS02aHBqLTl4ajctMmp4eM4AASZo
Drupal access control bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS05OHc1LXdxcDktdzQ2Ns4AAc69
Drupal Incorrect cache context on password reset pageEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS00Z2g1LTNocWoteDNwas4AAdZP
Drupal Form API ignores access restrictions on submit buttonsEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1neHhxLWZoYzctM2p2Oc4AAbOV
Drupal Cross-Site Request Forgery (CSRF)Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS1tbWpyLTVxNzQtcDNtNM0rRQ
Exposure of Resource to Wrong Sphere in Drupal CoreEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1oM3I5LXBqbXItZjkzOM4AAdYi
Drupal Brute force amplification attacks via XML-RPCEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Moderate
Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
GSA_kwCzR0hTQS04MzZwLTZwNGotMzVjZ84AAdZS
Drupal Open RedirectEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1wOGc2LTVtZzctOXI1cc4AARZN
Drupal REST API can bypass comment approvalEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1neHd4LWM3bTgtZjk1aM4AAdYo
Drupal Open redirect vulnerability in the drupal_goto functionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy
Symfony Cross-site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 4 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1qcGo4LTQ5aHItd2N3ds4AAc7N
Drupal Denial of service via transliterate mechanismEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in DrupalEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 4 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
GSA_kwCzR0hTQS03ZmZoLWNqdmctZnByNM4AASZT
Drupal Settings Tray access bypassEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs
Drupal core access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: almost 2 years ago
GSA_kwCzR0hTQS1xcXhjLWNwcGctNHhwOM4AAdYz
Drupal Reflected file download vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
GSA_kwCzR0hTQS01dnByLXYyNHctbW1qas4AAXNU
Drupal cross site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1nanFnLTlyaHYtcWo2N84AAoX9
Drupal Core Open Redirect vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
GSA_kwCzR0hTQS04amoyLXgyZ2MtZ2dtN84AAoX_
Drupal Core Cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN
Drupal Cross-site scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
GSA_kwCzR0hTQS1tNnE1LXd2NHgtZnY2aM0rRw
Cross-site Scripting in Drupal CoreEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
GSA_kwCzR0hTQS01ODVqLTU0NDktbWY1bc4AAXMs
Drupal cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1mZzVxLXIycTUtcW1oM84AAdZQ
Drupal CRLF injection vulnerability in the drupal_set_header functionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1oMzc3LTI4N20tdzJyOc4AARY1
Drupal file REST resource does not properly validateEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1jbW1oLThtd3AtZ3E1cM4AAiGR
Drupal Cross Site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
GSA_kwCzR0hTQS14MnE5LXI4Z20tZjY1N84AAohb
Drupal Core Access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
GSA_kwCzR0hTQS02Nm12LXE4cjItaGo4d84AASZx
Drupal access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1wcXY0LXhncWgtajh2aM4AAdYs
Drupal sensitive information disclosureEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1yZnh4LWd4d2MtOTIzY84AAc9H
Drupal Views can allow unauthorized users to see Statistics informationEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZybXEteDJodi12eHBw
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted DataEcosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 4 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 2 years ago
GSA_kwCzR0hTQS13bTg2LXczY2YtaDZ2bc4AAXNG
Drupal external link injection vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1wNzQ1LTM0N2gtaGpmd84AAcG_
Drupal sensitive information disclosureEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1mbXFoLTJqMngtdmdwM84AAdKO
Drupal Unprivileged access to config exportEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
GSA_kwCzR0hTQS02ZzloLTZ2NzktdzRwY84AAdKR
Drupal Users without "Administer comments" can set comment visibility on nodes they can editEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS12cG02LWg1M20teDJ4Zs4AAe3O
Drupal improper access restrictionsEcosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS02Y2o4LWMzNTktcDdxOc26VA
Drupal vulnerable to Cross-site ScriptingEcosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1waDJqLTVoeHEtZ3hycs4AAa8_
Drupal Node Validation Bypass in the node module APIEcosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1wam14LTRnYzYtaHd2OM4AAgJb
Drupal cross-site scripting vulnerability via actions feature and trigger moduleEcosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS13d3JtLTg5NDctNG02Y84AAe25
Drupal Open RedirectEcosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Statistics
Advisories: 18,389
Packages: 8,298
Repositories: 8
Ecosystems: 12
Packages: 8,298
Repositories: 8
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
moodle/moodle
323
magento/community-edition
182
pimcore/pimcore
116
dolibarr/dolibarr
107
typo3/cms
102
phpmyadmin/phpmyadmin
92
microweber/microweber
91
drupal/core
76
typo3/cms-core
73
thorsten/phpmyfaq
70
drupal/drupal
61
librenms/librenms
54
symfony/symfony
53
concrete5/concrete5
52
shopware/platform
48
baserproject/basercms
43
showdoc/showdoc
40
craftcms/cms
40
intelliants/subrion
40
nilsteampassnet/teampass
37
froxlor/froxlor
36
shopware/core
36
silverstripe/framework
32
snipe/snipe-it
32
mautic/core
29
getgrav/grav
28
shopware/shopware
27
centreon/centreon
27
magento/core
24
prestashop/prestashop
24
pocketmine/pocketmine-mp
23
remdex/livehelperchat
23
grumpydictator/firefly-iii
22
getkirby/cms
22
contao/core-bundle
21
tribalsystems/zenario
20
forkcms/forkcms
18
simplesamlphp/simplesamlphp
18
contao/contao
18
cakephp/cakephp
17
cockpit-hq/cockpit
17
genix/cms
17
francoisjacquet/rosariosis
17
symfony/security
17
topthink/framework
16
yetiforce/yetiforce-crm
16
openmage/magento-lts
15
symfony/security-http
14
typo3/cms-backend
14
phpmailer/phpmailer
14
zendframework/zendframework1
14
ec-cube/ec-cube
14
ezsystems/ezpublish-kernel
14
smarty/smarty
14
impresscms/impresscms
13
codeigniter4/framework
13
bolt/bolt
13
elefant/cms
13
lavalite/cms
13
october/system
13
dompdf/dompdf
12
phpbb/phpbb
12
studio-42/elfinder
12
phpmyfaq/phpmyfaq
12
feehi/feehicms
11
feehi/cms
11
zendframework/zendframework
11
silverstripe/cms
11
sylius/sylius
10
wwbn/avideo
10
admidio/admidio
10
opencart/opencart
10
nukeviet/nukeviet
10
pimcore/admin-ui-classic-bundle
10
wallabag/wallabag
10
laravel/framework
10
ezsystems/ezplatform-kernel
10
pagekit/pagekit
10
tinymce
9
funadmin/funadmin
9
ssddanbrown/bookstack
9
concrete5/core
9
TinyMCE
9
alextselegidis/easyappointments
9
october/october
9
kevinpapst/kimai2
9
tinymce/tinymce
9
yiisoft/yii2
8
october/cms
8
sulu/sulu
8
codiad/codiad
8
facturascripts/facturascripts
8
pimcore/customer-management-framework-bundle
8
gilacms/gila
8
croogo/croogo
8
symfony/http-foundation
7
wpglobus/wpglobus
7
silverstripe/graphql
7
flarum/core
7
statamic/cms
7
silverstripe/admin
7
pterodactyl/panel
7
october/backend
7
zoujingli/thinkadmin
6
directmailteam/direct-mail
6
dweeves/magmi
6
yiisoft/yii2-dev
6
guzzlehttp/guzzle
6
bagisto/bagisto
6
yourls/yourls
6
in2code/femanager
6
contao/core
6
gleez/cms
6
symfony/http-kernel
6
composer/composer
6
nystudio107/craft-seomatic
6
backdrop/backdrop
6
vrana/adminer
5
phpxmlrpc/phpxmlrpc
5
symfony/security-core
5
ibexa/core
5
thinkcmf/thinkcmf
5
silverstripe/assets
5
simplesamlphp/saml2
5
cachethq/cachet
5
elgg/elgg
5
automad/automad
5
ezsystems/ezplatform-admin-ui
5
billz/raspap-webgui
5
pear/archive_tar
5
gugoan/economizzer
5
bottelet/flarepoint
5
anchorcms/anchor-cms
5
typo3/cms-install
5
phpseclib/phpseclib
5
oro/platform
5
idno/known
4
wintercms/winter
4
woocommerce/woocommerce
4
typo3/cms-frontend
4
notrinos/notrinos-erp
4
evolutioncms/evolution
4
bytefury/crater
4
codeigniter4/shield
4
typo3/html-sanitizer
4
oro/commerce
4
symfony/security-bundle
4
wp-premium/gravityforms
4
modx/revolution
4
spatie/browsershot
4
bref/bref
4
magento/product-community-edition
4
pyrocms/pyrocms
4
phpservermon/phpservermon
4
shopware/storefront
4
appwrite/server-ce
4
adodb/adodb-php
3
bbpress/bbpress
3
ezsystems/ezpublish-legacy
3
artesaos/seotools
3
joomla/framework
3
zendframework/zendrest
3
zencart/zencart
3
kimai/kimai
3
zendframework/zendservice-audioscrobbler
3
pixelfed/pixelfed
3
buddypress/buddypress
3
codeigniter/framework
3
mantisbt/mantisbt
3
twig/twig
3
tecnickcom/tcpdf
3
zendframework/zendservice-nirvanix
3
apache-solr-for-typo3/solr
3
limesurvey/limesurvey
3
symfony/form
3
zendframework/zendservice-slideshare
3
zendframework/zendservice-technorati
3
zendframework/zendservice-windowsazure
3
zendframework/zendservice-amazon
3
illuminate/database
3
phpoffice/phpspreadsheet
3
qcubed/qcubed
3
typo3/cms-form
3
quickapps/cms
3
prestashop/productcomments
3
verbb/comments
3
icecoder/icecoder
3
sylius/resource-bundle
3
facade/ignition
3
uvdesk/community-skeleton
3
enshrined/svg-sanitize
3
joomla/joomla-cms
3
yiisoft/yii
3
flarum/framework
3
verot/class.upload.php
3
ckeditor4
3
phenx/php-svg-lib
3
processwire/processwire
3
enhavo/enhavo-app
3
froala/wysiwyg-editor
3