Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist drupal/core Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og
Drupal core Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02MmNmLWp2cHAtNDhxNs4AA4du
Drupal Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access Control
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS04ODQ5LWN2OWYtdmNjbc4AAy-9
Access bypass in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1nMzZoLTRqcjYtcW1tOc4AAy-o
Improper input validation in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03anI0LWhncXgtdndncc4AAy-k
Access bypass in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00d2ZxLWpjOWgtdnBjeM4AAy-i
Lack of domain validation in Druple core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jZmgyLTdmNmgtM204Nc4AAy8f
Access bypass in Drupal Core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 12 months ago
High
GSA_kwCzR0hTQS02OTU1LTY3aG0tdmpqcc4AAt2o
Drupal core arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS14aDN2LTZmOWotd3h3M84AAt2d
Drupal core Information Disclosure vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05NnZ4LXFmMjgtNmY4bc4AAdq5
Drupal Access Control Bypass
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04MzZwLTZwNGotMzVjZ84AAdZS
Drupal Open Redirect
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNmNoLWdnNWYtd3h4M805QQ
HTTP Proxy header vulnerability
Ecosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g
Improper input validation in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w
Incorrect authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12OHdyLXI2OXAtbW13eM0rQw
Unrestricted Upload of File with Dangerous Type in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNnE1LXd2NHgtZnY2aM0rRw
Cross-site Scripting in Drupal Core
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tbWpyLTVxNzQtcDNtNM0rRQ
Exposure of Resource to Wrong Sphere in Drupal Core
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZmhnLW02cjgteHhwas0rPw
Incorrect Authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zeHIzLXBoanAtZzZwMs0rPA
Drupal core access bypass vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4
ckeditor4 vulnerable to cross-site scripting
Ecosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy
Symfony Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in Drupal
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 4 years ago
Statistics
Advisories: 17,459
Packages: 8,116
Repositories: 6
Ecosystems: 12
Filter by Package
moodle/moodle 249 magento/community-edition 181 pimcore/pimcore 111 typo3/cms 94 microweber/microweber 91 thorsten/phpmyfaq 70 typo3/cms-core 70 dolibarr/dolibarr 55 phpmyadmin/phpmyadmin 53 concrete5/concrete5 52 librenms/librenms 49 symfony/symfony 47 shopware/platform 47 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 36 shopware/core 35 snipe/snipe-it 32 intelliants/subrion 31 drupal/core 30 froxlor/froxlor 28 silverstripe/framework 27 centreon/centreon 27 shopware/shopware 26 magento/core 24 mautic/core 24 getgrav/grav 24 remdex/livehelperchat 23 prestashop/prestashop 23 pocketmine/pocketmine-mp 23 getkirby/cms 22 nilsteampassnet/teampass 22 grumpydictator/firefly-iii 22 drupal/drupal 19 tribalsystems/zenario 18 forkcms/forkcms 18 cakephp/cakephp 17 francoisjacquet/rosariosis 17 cockpit-hq/cockpit 17 yetiforce/yetiforce-crm 16 contao/core-bundle 15 openmage/magento-lts 15 phpmailer/phpmailer 14 typo3/cms-backend 14 symfony/security 13 ezsystems/ezpublish-kernel 13 impresscms/impresscms 13 october/system 13 phpmyfaq/phpmyfaq 12 elefant/cms 12 studio-42/elfinder 12 smarty/smarty 12 lavalite/cms 12 symfony/security-http 12 feehi/cms 11 zendframework/zendframework1 11 feehi/feehicms 11 silverstripe/cms 11 contao/contao 11 topthink/framework 11 pimcore/admin-ui-classic-bundle 10 codeigniter4/framework 10 admidio/admidio 10 wwbn/avideo 10 wallabag/wallabag 10 dompdf/dompdf 10 ezsystems/ezplatform-kernel 10 laravel/framework 9 simplesamlphp/simplesamlphp 9 tinymce 9 alextselegidis/easyappointments 9 TinyMCE 9 funadmin/funadmin 9 sylius/sylius 9 ssddanbrown/bookstack 9 october/october 9 concrete5/core 9 kevinpapst/kimai2 9 tinymce/tinymce 9 gilacms/gila 8 october/cms 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 zendframework/zendframework 8 sulu/sulu 8 statamic/cms 7 flarum/core 7 symfony/http-foundation 7 silverstripe/graphql 7 silverstripe/admin 7 croogo/croogo 7 october/backend 7 nystudio107/craft-seomatic 6 in2code/femanager 6 pterodactyl/panel 6 yourls/yourls 6 pagekit/pagekit 6 composer/composer 6 directmailteam/direct-mail 6 guzzlehttp/guzzle 6 backdrop/backdrop 6 anchorcms/anchor-cms 5 cachethq/cachet 5 phpxmlrpc/phpxmlrpc 5 dweeves/magmi 5 automad/automad 5 phpseclib/phpseclib 5 bolt/bolt 5 vrana/adminer 5 symfony/http-kernel 5 billz/raspap-webgui 5 yiisoft/yii2 5 elgg/elgg 5 gugoan/economizzer 5 oro/platform 5 pear/archive_tar 5 typo3/cms-install 5 bagisto/bagisto 5 ibexa/core 5 bottelet/flarepoint 5 idno/known 4 bytefury/crater 4 magento/product-community-edition 4 notrinos/notrinos-erp 4 bref/bref 4 nukeviet/nukeviet 4 ezsystems/ezplatform-admin-ui 4 silverstripe/assets 4 spatie/browsershot 4 woocommerce/woocommerce 4 codeigniter4/shield 4 wintercms/winter 4 typo3/cms-frontend 4 typo3/html-sanitizer 4 symfony/security-bundle 4 shopware/storefront 4 oro/commerce 4 symfony/security-core 4 phpservermon/phpservermon 4 appwrite/server-ce 3 kimai/kimai 3 opencart/opencart 3 enhavo/enhavo-app 3 processwire/processwire 3 ckeditor4 3 adodb/adodb-php 3 phenx/php-svg-lib 3 zencart/zencart 3 facade/ignition 3 joomla/framework 3 typo3/cms-form 3 artesaos/seotools 3 pixelfed/pixelfed 3 sylius/resource-bundle 3 mantisbt/mantisbt 3 illuminate/database 3 froala/wysiwyg-editor 3 zendframework/zendrest 3 zendframework/zendopenid 3 phpoffice/phpspreadsheet 3 zendframework/zendservice-audioscrobbler 3 zendframework/zendservice-nirvanix 3 phpbb/phpbb 3 prestashop/productcomments 3 twig/twig 3 zendframework/zendservice-slideshare 3 rudloff/alltube 3 limesurvey/limesurvey 3 enshrined/svg-sanitize 3 uvdesk/community-skeleton 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-api 3 apache-solr-for-typo3/solr 3 zendframework/zendservice-amazon 3 codeigniter/framework 3 shopxo/shopxo 3 icecoder/icecoder 3 joomla/joomla-cms 3 verot/class.upload.php 3 modx/revolution 3 yiisoft/yii2-dev 3 flarum/framework 3 yiisoft/yii 2 getkirby/panel 2 pyrocms/pyrocms 2 tpwd/ke_search 2 reportico-web/reportico 2 badaso/core 2 protobuf 2 github.com/protocolbuffers/protobuf 2 google/protobuf 2 Google.Protobuf 2 symfony/form 2 cuyz/valinor 2 kitodo/presentation 2 yiisoft/yii2-authclient 2 yiisoft/yii2-gii 2 buddypress/buddypress 2 ether/logs 2