Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
packagist drupal/core Security Advisories
Browse all Security Advisories for packagist drupal/core
Loading...
Moderate
Ecosystems: packagist
Packages: drupal/core, drupal/core-recommended, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
GSA_kwCzR0hTQS1tZzhqLXc5M3cteGpnY84AA_BD
Drupal Full Path DisclosureEcosystems: packagist
Packages: drupal/core, drupal/core-recommended, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 6 months ago
GSA_kwCzR0hTQS12ZmdjLWM3NmgtbXdoNM4AA8HN
Drupal core Cross-Site Scripting (XSS) vulnerabilitiesEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 6 months ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 6 months ago
GSA_kwCzR0hTQS1neHhqLWc5djgtdzI4cM4AA8HM
Drupal core Arbitrary PHP code executionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 6 months ago
GSA_kwCzR0hTQS02Z2Y2LTI0aDItNjZqNM4AA8HL
Drupal core Open Redirect vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
GSA_kwCzR0hTQS12MjczLWo1aHEtMjZ4cM4AA8HK
Drupal core uses a vulnerable Third-party library CKEditorEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 6 months ago
GSA_kwCzR0hTQS05OGg5LTcyN20tNDRxds4AA8HJ
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_TarEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 6 months ago
GSA_kwCzR0hTQS1taDRoLTI3Z3EtY3h3as4AA8HI
Drupal core Access bypassEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 6 months ago
GSA_kwCzR0hTQS03Z3dqLTdmaG0tdnc0d84AA8HH
Drupal core unrestricted file uploadEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 6 months ago
GSA_kwCzR0hTQS1wcjk5LWMzM3AtZndmNs4AA8HG
Drupal core Denial of ServiceEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF
Drupal Core Insufficient Contextual Links validation leads to Remote Code ExecutionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code ExecutionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 6 months ago
GSA_kwCzR0hTQS1nZnZmLTJmMjUtZjM0cs4AA8HD
Drupal Anonymous Open RedirectEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS03ZjRmLXA3bXEtcDRmds4AA8HC
Drupal External URL injection through URL aliases leading to Open RedirectEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1mODRxLW1najktOGpmY84AA8HB
Drupal Content moderation Access bypassEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 7 months ago
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 7 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og
Drupal core Denial of Service vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS02MmNmLWp2cHAtNDhxNs4AA4du
Drupal Denial of Service vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 10 months ago
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access ControlEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 10 months ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS04ODQ5LWN2OWYtdmNjbc4AAy-9
Access bypass in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 1 year ago
GSA_kwCzR0hTQS03anI0LWhncXgtdndncc4AAy-k
Access bypass in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 1 year ago
GSA_kwCzR0hTQS00d2ZxLWpjOWgtdnBjeM4AAy-i
Lack of domain validation in Druple coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 1 year ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 1 year ago
GSA_kwCzR0hTQS1nMzZoLTRqcjYtcW1tOc4AAy-o
Improper input validation in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
GSA_kwCzR0hTQS1jZmgyLTdmNmgtM204Nc4AAy8f
Access bypass in Drupal CoreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
GSA_kwCzR0hTQS02OTU1LTY3aG0tdmpqcc4AAt2o
Drupal core arbitrary PHP code executionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS14aDN2LTZmOWotd3h3M84AAt2d
Drupal core Information Disclosure vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS1xZjJnLW1ycngtcnI1cM4AAo0h
Drupal Core Cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw
Drupal Core Cross-Site Request Forgery (CSRF) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
GSA_kwCzR0hTQS14MnE5LXI4Z20tZjY1N84AAohb
Drupal Core Access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS04amoyLXgyZ2MtZ2dtN84AAoX_
Drupal Core Cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS1nanFnLTlyaHYtcWo2N84AAoX9
Drupal Core Open Redirect vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA
Drupal Core Arbitrary PHP code execution vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 2 years ago
GSA_kwCzR0hTQS1jbW1oLThtd3AtZ3E1cM4AAiGR
Drupal Cross Site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS05NnZ4LXFmMjgtNmY4bc4AAdq5
Drupal Access Control BypassEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 2 years ago
GSA_kwCzR0hTQS1mZzVxLXIycTUtcW1oM84AAdZQ
Drupal CRLF injection vulnerability in the drupal_set_header functionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 2 years ago
GSA_kwCzR0hTQS04MzZwLTZwNGotMzVjZ84AAdZS
Drupal Open RedirectEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS00Z2g1LTNocWoteDNwas4AAdZP
Drupal Form API ignores access restrictions on submit buttonsEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
GSA_kwCzR0hTQS1xM3A5LTg3Mjgtd3E3eM4AAdZM
Drupal saving user accounts can sometimes grant the user all rolesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 2 years ago
GSA_kwCzR0hTQS1xcXhjLWNwcGctNHhwOM4AAdYz
Drupal Reflected file download vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
GSA_kwCzR0hTQS1wcXY0LXhncWgtajh2aM4AAdYs
Drupal sensitive information disclosureEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS1oM3I5LXBqbXItZjkzOM4AAdYi
Drupal Brute force amplification attacks via XML-RPCEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 2 years ago
GSA_kwCzR0hTQS1neHd4LWM3bTgtZjk1aM4AAdYo
Drupal Open redirect vulnerability in the drupal_goto functionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
GSA_kwCzR0hTQS13MnBqLWM4eDUtanZnMs4AAdXp
Drupal File upload access bypass and denial of serviceEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
GSA_kwCzR0hTQS02OWc4LWc5anEtNzR2N84AAdW6
Drupal arbitrary code executionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
GSA_kwCzR0hTQS02ZzloLTZ2NzktdzRwY84AAdKR
Drupal Users without "Administer comments" can set comment visibility on nodes they can editEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
GSA_kwCzR0hTQS1mbXFoLTJqMngtdmdwM84AAdKO
Drupal Unprivileged access to config exportEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN
Drupal Cross-site scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
GSA_kwCzR0hTQS1mcnFmLTlxcjQtNnZ4Zs4AAc9G
Drupal Saving user accounts can sometimes grant the user all rolesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
GSA_kwCzR0hTQS1yZnh4LWd4d2MtOTIzY84AAc9H
Drupal Views can allow unauthorized users to see Statistics informationEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
GSA_kwCzR0hTQS1qcGo4LTQ5aHItd2N3ds4AAc7N
Drupal Denial of service via transliterate mechanismEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS05OHc1LXdxcDktdzQ2Ns4AAc69
Drupal Incorrect cache context on password reset pageEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 2 years ago
GSA_kwCzR0hTQS02NmdyLXhyY2YtOGpwcc4AAcG9
Drupal Open RedirectEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
GSA_kwCzR0hTQS1wNzQ1LTM0N2gtaGpmd84AAcG_
Drupal sensitive information disclosureEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS1neHhxLWZoYzctM2p2Oc4AAbOV
Drupal Cross-Site Request Forgery (CSRF)Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS01dnByLXYyNHctbW1qas4AAXNU
Drupal cross site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 2 years ago
GSA_kwCzR0hTQS13bTg2LXczY2YtaDZ2bc4AAXNG
Drupal external link injection vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS01ODVqLTU0NDktbWY1bc4AAXMs
Drupal cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
GSA_kwCzR0hTQS0ycDI4LTVtdnAtMmoycs4AAXMk
Drupal Comment reply form allows access to restricted contentEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD
Drupal PECL YAML parser unsafe object handlingEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Moderate
Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
GSA_kwCzR0hTQS03ZmZoLWNqdmctZnByNM4AASZT
Drupal Settings Tray access bypassEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS02aHBqLTl4ajctMmp4eM4AASZo
Drupal access control bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisionsEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
GSA_kwCzR0hTQS0zMzI3LWpyOTMtN2hxM84AASZL
Drupal access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
GSA_kwCzR0hTQS02Nm12LXE4cjItaGo4d84AASZx
Drupal access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
GSA_kwCzR0hTQS1yaHg5LTNxZjctcjNqN84AASYD
Drupal Remote code executionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS13N3F4LXZ3cjktMmozcs4AASX9
Drupal editor module incorrectly checks access to inline private filesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs
Drupal core access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 2 years ago
GSA_kwCzR0hTQS1oMzc3LTI4N20tdzJyOc4AARY1
Drupal file REST resource does not properly validateEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 2 years ago
GSA_kwCzR0hTQS1wOGc2LTVtZzctOXI1cc4AARZN
Drupal REST API can bypass comment approvalEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
GSA_kwCzR0hTQS0zZ3g2LWg1N2gtcm0yN84AAQKY
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS1xcDhxLWd3ZjUtaHFoMs0_SQ
Drupal Cross-Site Scripting vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS1oY3E5LWhtZ2YtNnFyOc0_Sg
Drupal SQL Injection vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
High
Ecosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 2 years ago
GSA_kwCzR0hTQS1tNmNoLWdnNWYtd3h4M805QQ
HTTP Proxy header vulnerabilityEcosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g
Improper input validation in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w
Incorrect authorization in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
GSA_kwCzR0hTQS1jNTMzLWM4NDMtNjdoOM0rSw
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditorEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
GSA_kwCzR0hTQS1tbWpyLTVxNzQtcDNtNM0rRQ
Exposure of Resource to Wrong Sphere in Drupal CoreEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
GSA_kwCzR0hTQS12OHdyLXI2OXAtbW13eM0rQw
Unrestricted Upload of File with Dangerous Type in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
GSA_kwCzR0hTQS1tNnE1LXd2NHgtZnY2aM0rRw
Cross-site Scripting in Drupal CoreEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
GSA_kwCzR0hTQS0zbTM2LW1qd2otMzUyY80rQQ
Drupal core Cross-site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
GSA_kwCzR0hTQS0zeHIzLXBoanAtZzZwMs0rPA
Drupal core access bypass vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
GSA_kwCzR0hTQS1xZmhnLW02cjgteHhwas0rPw
Incorrect Authorization in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
Critical
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in DrupalEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 3 years ago
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous TypeEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 3 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 3 years ago
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapperEcosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 3 years ago
Moderate
Ecosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4
ckeditor4 vulnerable to cross-site scriptingEcosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy
Symfony Cross-site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 5 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in DrupalEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 5 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 8
Ecosystems: 12
Packages: 9,040
Repositories: 8
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
moodle/moodle
367
magento/community-edition
235
typo3/cms
174
pimcore/pimcore
118
dolibarr/dolibarr
113
typo3/cms-core
106
microweber/microweber
94
drupal/core
92
phpmyadmin/phpmyadmin
92
silverstripe/framework
85
drupal/drupal
78
librenms/librenms
74
thorsten/phpmyfaq
70
symfony/symfony
69
concrete5/concrete5
60
shopware/platform
52
baserproject/basercms
47
craftcms/cms
46
shopware/core
40
showdoc/showdoc
40
intelliants/subrion
39
froxlor/froxlor
38
nilsteampassnet/teampass
37
mautic/core
37
snipe/snipe-it
35
zendframework/zendframework1
34
shopware/shopware
30
getgrav/grav
29
mediawiki/core
28
centreon/centreon
27
prestashop/prestashop
26
contao/core-bundle
24
magento/core
24
pocketmine/pocketmine-mp
23
remdex/livehelperchat
23
zendframework/zendframework
23
simplesamlphp/simplesamlphp
23
grumpydictator/firefly-iii
23
getkirby/cms
22
tribalsystems/zenario
22
laravel/framework
20
funadmin/funadmin
20
contao/contao
19
cockpit-hq/cockpit
18
topthink/framework
18
forkcms/forkcms
18
francoisjacquet/rosariosis
17
opencart/opencart
17
symfony/security
17
ezsystems/ezpublish-kernel
17
cakephp/cakephp
17
genix/cms
17
openmage/magento-lts
16
yetiforce/yetiforce-crm
16
typo3/cms-backend
16
phpbb/phpbb
16
october/system
15
symfony/security-http
15
smarty/smarty
15
ec-cube/ec-cube
15
silverstripe/cms
14
bolt/bolt
14
feehi/cms
14
dompdf/dompdf
14
phpmailer/phpmailer
14
pimcore/admin-ui-classic-bundle
13
codeigniter4/framework
13
elefant/cms
13
studio-42/elfinder
13
sylius/sylius
13
lavalite/cms
13
admidio/admidio
13
impresscms/impresscms
13
phpoffice/phpspreadsheet
12
wwbn/avideo
12
phpmyfaq/phpmyfaq
12
symfony/http-foundation
12
wallabag/wallabag
11
pagekit/pagekit
11
nukeviet/nukeviet
11
tinymce
11
TinyMCE
11
tinymce/tinymce
11
ezsystems/ezplatform-kernel
11
feehi/feehicms
11
october/october
10
ssddanbrown/bookstack
10
yiisoft/yii2
10
sulu/sulu
10
ezsystems/ezpublish-legacy
10
kevinpapst/kimai2
9
concrete5/core
9
statamic/cms
9
alextselegidis/easyappointments
9
contao/core
9
bootstrap
9
bootstrap
9
twbs/bootstrap
9
org.webjars:bootstrap
9
bootstrap
9
facturascripts/facturascripts
8
composer/composer
8
mantisbt/mantisbt
8
silverstripe/graphql
8
pimcore/customer-management-framework-bundle
8
october/cms
8
twig/twig
8
croogo/croogo
8
pterodactyl/panel
8
silverstripe/admin
8
ezsystems/ezplatform-admin-ui
8
gilacms/gila
8
codiad/codiad
8
passbolt/passbolt_api
7
bootstrap.sass
7
billz/raspap-webgui
7
bootstrap-sass
7
flarum/core
7
symfony/http-kernel
7
wpglobus/wpglobus
7
backdrop/backdrop
7
october/backend
7
gleez/cms
6
pear/archive_tar
6
zoujingli/thinkadmin
6
nystudio107/craft-seomatic
6
in2code/femanager
6
yiisoft/yii2-dev
6
directmailteam/direct-mail
6
phpseclib/phpseclib
6
guzzlehttp/guzzle
6
oro/platform
6
icecoder/icecoder
6
dweeves/magmi
6
vrana/adminer
6
bagisto/bagisto
6
yourls/yourls
6
anchorcms/anchor-cms
5
typo3/flow
5
ibexa/core
5
bootstrap-sass
5
codeigniter/framework
5
symfony/security-bundle
5
gugoan/economizzer
5
thinkcmf/thinkcmf
5
illuminate/database
5
neos/neos
5
neos/flow
5
phpxmlrpc/phpxmlrpc
5
typo3/cms-install
5
symfony/security-core
5
elgg/elgg
5
kimai/kimai
5
cachethq/cachet
5
bottelet/flarepoint
5
mautic/core-lib
5
silverstripe/assets
5
phpservermon/phpservermon
5
simplesamlphp/saml2
5
woocommerce/woocommerce
5
limesurvey/limesurvey
5
reportico-web/reportico
4
magento/product-community-edition
4
modx/revolution
4
typo3/html-sanitizer
4
oro/commerce
4
spatie/browsershot
4
typo3/cms-frontend
4
wp-premium/gravityforms
4
pyrocms/pyrocms
4
ezyang/htmlpurifier
4
sylius/resource-bundle
4
bytefury/crater
4
adodb/adodb-php
4
evolutioncms/evolution
4
wintercms/winter
4
appwrite/server-ce
4
idno/known
4
codeigniter4/shield
4
notrinos/notrinos-erp
4
shopxo/shopxo
4
bref/bref
4
automad/automad
4
shopware/storefront
4
friendsofsymfony/user-bundle
4
processwire/processwire
4
ezsystems/ezplatform
4
zendframework/zendopenid
4
facade/ignition
3
verbb/comments
3
in2code/powermail
3
zencart/zencart
3
uvdesk/community-skeleton
3
flarum/framework
3
getformwork/formwork
3
symfony/validator
3
artesaos/seotools
3
verot/class.upload.php
3
symfony/framework-bundle
3
zendframework/zend-http
3
Filter by Repository