Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
packagist drupal/core Security Advisories
Loading...
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 months ago
GSA_kwCzR0hTQS12ZmdjLWM3NmgtbXdoNM4AA8HN
Drupal core Cross-Site Scripting (XSS) vulnerabilitiesEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 months ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 2 months ago
GSA_kwCzR0hTQS1neHhqLWc5djgtdzI4cM4AA8HM
Drupal core Arbitrary PHP code executionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 2 months ago
GSA_kwCzR0hTQS02Z2Y2LTI0aDItNjZqNM4AA8HL
Drupal core Open Redirect vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 2 months ago
GSA_kwCzR0hTQS12MjczLWo1aHEtMjZ4cM4AA8HK
Drupal core uses a vulnerable Third-party library CKEditorEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 2 months ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 2 months ago
GSA_kwCzR0hTQS05OGg5LTcyN20tNDRxds4AA8HJ
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_TarEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 2 months ago
GSA_kwCzR0hTQS1taDRoLTI3Z3EtY3h3as4AA8HI
Drupal core Access bypassEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 2 months ago
GSA_kwCzR0hTQS03Z3dqLTdmaG0tdnc0d84AA8HH
Drupal core unrestricted file uploadEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 months ago
GSA_kwCzR0hTQS1wcjk5LWMzM3AtZndmNs4AA8HG
Drupal core Denial of ServiceEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 months ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF
Drupal Core Insufficient Contextual Links validation leads to Remote Code ExecutionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code ExecutionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 2 months ago
GSA_kwCzR0hTQS1nZnZmLTJmMjUtZjM0cs4AA8HD
Drupal Anonymous Open RedirectEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS03ZjRmLXA3bXEtcDRmds4AA8HC
Drupal External URL injection through URL aliases leading to Open RedirectEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1mODRxLW1najktOGpmY84AA8HB
Drupal Content moderation Access bypassEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og
Drupal core Denial of Service vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS02MmNmLWp2cHAtNDhxNs4AA4du
Drupal Denial of Service vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 7 months ago
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access ControlEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 7 months ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS04ODQ5LWN2OWYtdmNjbc4AAy-9
Access bypass in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 1 year ago
GSA_kwCzR0hTQS03anI0LWhncXgtdndncc4AAy-k
Access bypass in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 1 year ago
GSA_kwCzR0hTQS00d2ZxLWpjOWgtdnBjeM4AAy-i
Lack of domain validation in Druple coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 1 year ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 1 year ago
GSA_kwCzR0hTQS1nMzZoLTRqcjYtcW1tOc4AAy-o
Improper input validation in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 1 year ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
GSA_kwCzR0hTQS1jZmgyLTdmNmgtM204Nc4AAy8f
Access bypass in Drupal CoreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
GSA_kwCzR0hTQS02OTU1LTY3aG0tdmpqcc4AAt2o
Drupal core arbitrary PHP code executionEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS14aDN2LTZmOWotd3h3M84AAt2d
Drupal core Information Disclosure vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
GSA_kwCzR0hTQS1xZjJnLW1ycngtcnI1cM4AAo0h
Drupal Core Cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 2 years ago
GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw
Drupal Core Cross-Site Request Forgery (CSRF) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
GSA_kwCzR0hTQS14MnE5LXI4Z20tZjY1N84AAohb
Drupal Core Access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
GSA_kwCzR0hTQS1nanFnLTlyaHYtcWo2N84AAoX9
Drupal Core Open Redirect vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 2 years ago
GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA
Drupal Core Arbitrary PHP code execution vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
GSA_kwCzR0hTQS04amoyLXgyZ2MtZ2dtN84AAoX_
Drupal Core Cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 2 years ago
GSA_kwCzR0hTQS1jbW1oLThtd3AtZ3E1cM4AAiGR
Drupal Cross Site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS05NnZ4LXFmMjgtNmY4bc4AAdq5
Drupal Access Control BypassEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
GSA_kwCzR0hTQS04MzZwLTZwNGotMzVjZ84AAdZS
Drupal Open RedirectEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 2 years ago
GSA_kwCzR0hTQS1mZzVxLXIycTUtcW1oM84AAdZQ
Drupal CRLF injection vulnerability in the drupal_set_header functionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS00Z2g1LTNocWoteDNwas4AAdZP
Drupal Form API ignores access restrictions on submit buttonsEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS1xM3A5LTg3Mjgtd3E3eM4AAdZM
Drupal saving user accounts can sometimes grant the user all rolesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
GSA_kwCzR0hTQS1xcXhjLWNwcGctNHhwOM4AAdYz
Drupal Reflected file download vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
GSA_kwCzR0hTQS1wcXY0LXhncWgtajh2aM4AAdYs
Drupal sensitive information disclosureEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS1oM3I5LXBqbXItZjkzOM4AAdYi
Drupal Brute force amplification attacks via XML-RPCEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
GSA_kwCzR0hTQS1neHd4LWM3bTgtZjk1aM4AAdYo
Drupal Open redirect vulnerability in the drupal_goto functionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS13MnBqLWM4eDUtanZnMs4AAdXp
Drupal File upload access bypass and denial of serviceEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS02OWc4LWc5anEtNzR2N84AAdW6
Drupal arbitrary code executionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 years ago
GSA_kwCzR0hTQS02ZzloLTZ2NzktdzRwY84AAdKR
Drupal Users without "Administer comments" can set comment visibility on nodes they can editEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 years ago
GSA_kwCzR0hTQS1mbXFoLTJqMngtdmdwM84AAdKO
Drupal Unprivileged access to config exportEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN
Drupal Cross-site scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 2 years ago
GSA_kwCzR0hTQS1mcnFmLTlxcjQtNnZ4Zs4AAc9G
Drupal Saving user accounts can sometimes grant the user all rolesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
GSA_kwCzR0hTQS1yZnh4LWd4d2MtOTIzY84AAc9H
Drupal Views can allow unauthorized users to see Statistics informationEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
GSA_kwCzR0hTQS1qcGo4LTQ5aHItd2N3ds4AAc7N
Drupal Denial of service via transliterate mechanismEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS05OHc1LXdxcDktdzQ2Ns4AAc69
Drupal Incorrect cache context on password reset pageEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 years ago
GSA_kwCzR0hTQS1wNzQ1LTM0N2gtaGpmd84AAcG_
Drupal sensitive information disclosureEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 2 years ago
GSA_kwCzR0hTQS02NmdyLXhyY2YtOGpwcc4AAcG9
Drupal Open RedirectEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS1neHhxLWZoYzctM2p2Oc4AAbOV
Drupal Cross-Site Request Forgery (CSRF)Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
GSA_kwCzR0hTQS01dnByLXYyNHctbW1qas4AAXNU
Drupal cross site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
GSA_kwCzR0hTQS13bTg2LXczY2YtaDZ2bc4AAXNG
Drupal external link injection vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
GSA_kwCzR0hTQS01ODVqLTU0NDktbWY1bc4AAXMs
Drupal cross-site scripting vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS0ycDI4LTVtdnAtMmoycs4AAXMk
Drupal Comment reply form allows access to restricted contentEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD
Drupal PECL YAML parser unsafe object handlingEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Moderate
Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
GSA_kwCzR0hTQS03ZmZoLWNqdmctZnByNM4AASZT
Drupal Settings Tray access bypassEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS02aHBqLTl4ajctMmp4eM4AASZo
Drupal access control bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisionsEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS0zMzI3LWpyOTMtN2hxM84AASZL
Drupal access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
GSA_kwCzR0hTQS02Nm12LXE4cjItaGo4d84AASZx
Drupal access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS1yaHg5LTNxZjctcjNqN84AASYD
Drupal Remote code executionEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
GSA_kwCzR0hTQS13N3F4LXZ3cjktMmozcs4AASX9
Drupal editor module incorrectly checks access to inline private filesEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
GSA_kwCzR0hTQS1wOGc2LTVtZzctOXI1cc4AARZN
Drupal REST API can bypass comment approvalEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs
Drupal core access bypass vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 2 years ago
GSA_kwCzR0hTQS1oMzc3LTI4N20tdzJyOc4AARY1
Drupal file REST resource does not properly validateEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
GSA_kwCzR0hTQS0zZ3g2LWg1N2gtcm0yN84AAQKY
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS1xcDhxLWd3ZjUtaHFoMs0_SQ
Drupal Cross-Site Scripting vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS1oY3E5LWhtZ2YtNnFyOc0_Sg
Drupal SQL Injection vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
High
Ecosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 2 years ago
GSA_kwCzR0hTQS1tNmNoLWdnNWYtd3h4M805QQ
HTTP Proxy header vulnerabilityEcosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g
Improper input validation in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w
Incorrect authorization in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS12OHdyLXI2OXAtbW13eM0rQw
Unrestricted Upload of File with Dangerous Type in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS1tbWpyLTVxNzQtcDNtNM0rRQ
Exposure of Resource to Wrong Sphere in Drupal CoreEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS0zbTM2LW1qd2otMzUyY80rQQ
Drupal core Cross-site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS1jNTMzLWM4NDMtNjdoOM0rSw
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditorEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
GSA_kwCzR0hTQS1tNnE1LXd2NHgtZnY2aM0rRw
Cross-site Scripting in Drupal CoreEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
GSA_kwCzR0hTQS1xZmhnLW02cjgteHhwas0rPw
Incorrect Authorization in Drupal coreEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
GSA_kwCzR0hTQS0zeHIzLXBoanAtZzZwMs0rPA
Drupal core access bypass vulnerabilityEcosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in DrupalEcosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
High
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 3 years ago
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous TypeEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 3 years ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapperEcosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
Moderate
Ecosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4
ckeditor4 vulnerable to cross-site scriptingEcosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy
Symfony Cross-site Scripting (XSS) vulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 4 years ago
Moderate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in DrupalEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 5 years ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 7
Ecosystems: 12
Packages: 8,642
Repositories: 7
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
moodle/moodle
342
magento/community-edition
204
typo3/cms
174
pimcore/pimcore
117
dolibarr/dolibarr
112
typo3/cms-core
106
phpmyadmin/phpmyadmin
92
microweber/microweber
91
drupal/core
91
silverstripe/framework
85
drupal/drupal
76
thorsten/phpmyfaq
70
symfony/symfony
64
librenms/librenms
54
concrete5/concrete5
52
shopware/platform
48
baserproject/basercms
43
craftcms/cms
42
showdoc/showdoc
40
intelliants/subrion
39
froxlor/froxlor
37
nilsteampassnet/teampass
37
shopware/core
36
zendframework/zendframework1
34
snipe/snipe-it
33
shopware/shopware
30
mautic/core
30
getgrav/grav
29
centreon/centreon
27
prestashop/prestashop
26
magento/core
24
mediawiki/core
24
zendframework/zendframework
23
grumpydictator/firefly-iii
23
pocketmine/pocketmine-mp
23
remdex/livehelperchat
23
simplesamlphp/simplesamlphp
23
getkirby/cms
22
contao/core-bundle
21
tribalsystems/zenario
20
laravel/framework
19
cockpit-hq/cockpit
18
forkcms/forkcms
18
contao/contao
18
symfony/security
17
ezsystems/ezpublish-kernel
17
genix/cms
17
cakephp/cakephp
17
francoisjacquet/rosariosis
17
opencart/opencart
17
topthink/framework
17
yetiforce/yetiforce-crm
16
october/system
15
smarty/smarty
15
ec-cube/ec-cube
15
openmage/magento-lts
15
symfony/security-http
14
phpmailer/phpmailer
14
typo3/cms-backend
14
silverstripe/cms
14
codeigniter4/framework
13
elefant/cms
13
bolt/bolt
13
lavalite/cms
13
impresscms/impresscms
13
dompdf/dompdf
12
phpbb/phpbb
12
sylius/sylius
12
studio-42/elfinder
12
phpmyfaq/phpmyfaq
12
tinymce
11
wwbn/avideo
11
TinyMCE
11
tinymce/tinymce
11
feehi/feehicms
11
ezsystems/ezplatform-kernel
11
pimcore/admin-ui-classic-bundle
11
symfony/http-foundation
11
feehi/cms
11
admidio/admidio
10
ezsystems/ezpublish-legacy
10
wallabag/wallabag
10
yiisoft/yii2
10
nukeviet/nukeviet
10
pagekit/pagekit
10
ssddanbrown/bookstack
10
funadmin/funadmin
9
concrete5/core
9
october/october
9
alextselegidis/easyappointments
9
contao/core
9
kevinpapst/kimai2
9
croogo/croogo
8
codiad/codiad
8
gilacms/gila
8
october/cms
8
silverstripe/admin
8
pimcore/customer-management-framework-bundle
8
composer/composer
8
sulu/sulu
8
statamic/cms
8
facturascripts/facturascripts
8
silverstripe/graphql
8
passbolt/passbolt_api
7
ezsystems/ezplatform-admin-ui
7
wpglobus/wpglobus
7
pterodactyl/panel
7
symfony/http-kernel
7
mantisbt/mantisbt
7
backdrop/backdrop
7
october/backend
7
flarum/core
7
yourls/yourls
6
vrana/adminer
6
phpseclib/phpseclib
6
guzzlehttp/guzzle
6
automad/automad
6
dweeves/magmi
6
gleez/cms
6
zoujingli/thinkadmin
6
bagisto/bagisto
6
in2code/femanager
6
directmailteam/direct-mail
6
yiisoft/yii2-dev
6
nystudio107/craft-seomatic
6
oro/platform
6
elgg/elgg
5
typo3/cms-install
5
symfony/security-core
5
cachethq/cachet
5
bottelet/flarepoint
5
simplesamlphp/saml2
5
neos/flow
5
thinkcmf/thinkcmf
5
silverstripe/assets
5
phpservermon/phpservermon
5
twig/twig
5
billz/raspap-webgui
5
phpxmlrpc/phpxmlrpc
5
pear/archive_tar
5
woocommerce/woocommerce
5
neos/neos
5
anchorcms/anchor-cms
5
gugoan/economizzer
5
typo3/flow
5
illuminate/database
5
codeigniter/framework
5
ibexa/core
5
appwrite/server-ce
4
kimai/kimai
4
sylius/resource-bundle
4
modx/revolution
4
notrinos/notrinos-erp
4
pyrocms/pyrocms
4
shopxo/shopxo
4
idno/known
4
wintercms/winter
4
symfony/security-bundle
4
evolutioncms/evolution
4
friendsofsymfony/user-bundle
4
adodb/adodb-php
4
bytefury/crater
4
typo3/html-sanitizer
4
spatie/browsershot
4
ezsystems/ezplatform
4
codeigniter4/shield
4
zendframework/zendopenid
4
wp-premium/gravityforms
4
bref/bref
4
magento/product-community-edition
4
typo3/cms-frontend
4
oro/commerce
4
processwire/processwire
4
shopware/storefront
4
limesurvey/limesurvey
3
symfony/form
3
amphp/http-client
3
qcubed/qcubed
3
joomla/framework
3
zendframework/zend-diactoros
3
apache-solr-for-typo3/solr
3
flarum/framework
3
froala/wysiwyg-editor
3
zendframework/zend-http
3
ckeditor4
3
facade/ignition
3
prestashop/productcomments
3
yiisoft/yii
3
doctrine/orm
3
typo3/cms-form
3
phenx/php-svg-lib
3
rudloff/alltube
3
enhavo/enhavo-app
3
zencart/zencart
3
privatebin/privatebin
3
icecoder/icecoder
3
pixelfed/pixelfed
3
reportico-web/reportico
3
verbb/comments
3
phpoffice/phpspreadsheet
3