Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist drupal/drupal Security Advisories

Critical

GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY

Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 days ago

Critical

GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2

Drupal Improper Access Control
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago

High

GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw

Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14MnE5LXI4Z20tZjY1N84AAohb

Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB

Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS04amoyLXgyZ2MtZ2dtN84AAoX_

Drupal Core Cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1nanFnLTlyaHYtcWo2N84AAoX9

Drupal Core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago

High

GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA

Drupal Core Arbitrary PHP code execution vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1jbW1oLThtd3AtZ3E1cM4AAiGR

Drupal Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS1wam14LTRnYzYtaHd2OM4AAgJb

Drupal cross-site scripting vulnerability via actions feature and trigger module
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS13d3JtLTg5NDctNG02Y84AAe25

Drupal Open Redirect
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS12cG02LWg1M20teDJ4Zs4AAe3O

Drupal improper access restrictions
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1mZzVxLXIycTUtcW1oM84AAdZQ

Drupal CRLF injection vulnerability in the drupal_set_header function
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS04MzZwLTZwNGotMzVjZ84AAdZS

Drupal Open Redirect
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1xM3A5LTg3Mjgtd3E3eM4AAdZM

Drupal saving user accounts can sometimes grant the user all roles
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

High

GSA_kwCzR0hTQS00Z2g1LTNocWoteDNwas4AAdZP

Drupal Form API ignores access restrictions on submit buttons
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1xcXhjLWNwcGctNHhwOM4AAdYz

Drupal Reflected file download vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1neHd4LWM3bTgtZjk1aM4AAdYo

Drupal Open redirect vulnerability in the drupal_goto function
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago

High

GSA_kwCzR0hTQS13MnBqLWM4eDUtanZnMs4AAdXp

Drupal File upload access bypass and denial of service
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

High

GSA_kwCzR0hTQS02OWc4LWc5anEtNzR2N84AAdW6

Drupal arbitrary code execution
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS02ZzloLTZ2NzktdzRwY84AAdKR

Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1mbXFoLTJqMngtdmdwM84AAdKO

Drupal Unprivileged access to config export
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN

Drupal Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1yZnh4LWd4d2MtOTIzY84AAc9H

Drupal Views can allow unauthorized users to see Statistics information
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1qcGo4LTQ5aHItd2N3ds4AAc7N

Drupal Denial of service via transliterate mechanism
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago

High

GSA_kwCzR0hTQS05OHc1LXdxcDktdzQ2Ns4AAc69

Drupal Incorrect cache context on password reset page
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1wNzQ1LTM0N2gtaGpmd84AAcG_

Drupal sensitive information disclosure
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1waDJqLTVoeHEtZ3hycs4AAa8_

Drupal Node Validation Bypass in the node module API
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01dnByLXYyNHctbW1qas4AAXNU

Drupal cross site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS13bTg2LXczY2YtaDZ2bc4AAXNG

Drupal external link injection vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01ODVqLTU0NDktbWY1bc4AAXMs

Drupal cross-site scripting vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0ycDI4LTVtdnAtMmoycs4AAXMk

Drupal Comment reply form allows access to restricted content
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD

Drupal PECL YAML parser unsafe object handling
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf

Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf

Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS03ZmZoLWNqdmctZnByNM4AASZT

Drupal Settings Tray access bypass
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0zMzI3LWpyOTMtN2hxM84AASZL

Drupal access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS02Nm12LXE4cjItaGo4d84AASZx

Drupal access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ

Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1yaHg5LTNxZjctcjNqN84AASYD

Drupal Remote code execution
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

High

GSA_kwCzR0hTQS13N3F4LXZ3cjktMmozcs4AASX9

Drupal editor module incorrectly checks access to inline private files
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs

Drupal core access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1oMzc3LTI4N20tdzJyOc4AARY1

Drupal file REST resource does not properly validate
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1wOGc2LTVtZzctOXI1cc4AARZN

Drupal REST API can bypass comment approval
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0zZ3g2LWg1N2gtcm0yN84AAQKY

Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS02Y2o4LWMzNTktcDdxOc26VA

Drupal vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1tNmNoLWdnNWYtd3h4M805QQ

HTTP Proxy header vulnerability
Ecosystems: packagist
Packages: typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 2 years ago

High

Advisories: 18,149
Packages: 8,242
Repositories: 8
Ecosystems: 12

Filter by Severity

Moderate 7,821 High 6,288 Critical 2,787 Low 969

Filter by Ecosystem

maven 5,518 packagist 3,782 pypi 3,552 npm 3,530 go 1,885 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8

Filter by Package

moodle/moodle 318 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 microweber/microweber 91 phpmyadmin/phpmyadmin 91 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 drupal/drupal 56 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 28 centreon/centreon 27 shopware/shopware 27 getgrav/grav 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 contao/contao 18 tribalsystems/zenario 18 forkcms/forkcms 18 cakephp/cakephp 17 symfony/security 17 genix/cms 17 cockpit-hq/cockpit 17 francoisjacquet/rosariosis 17 simplesamlphp/simplesamlphp 17 yetiforce/yetiforce-crm 16 topthink/framework 15 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 zendframework/zendframework1 14 ezsystems/ezpublish-kernel 14 ec-cube/ec-cube 14 phpmailer/phpmailer 14 smarty/smarty 14 elefant/cms 13 codeigniter4/framework 13 impresscms/impresscms 13 october/system 13 phpmyfaq/phpmyfaq 12 studio-42/elfinder 12 dompdf/dompdf 12 bolt/bolt 12 phpbb/phpbb 12 lavalite/cms 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 pimcore/admin-ui-classic-bundle 10 admidio/admidio 10 opencart/opencart 10 pagekit/pagekit 10 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 sylius/sylius 10 wwbn/avideo 10 nukeviet/nukeviet 10 laravel/framework 10 TinyMCE 9 tinymce 9 tinymce/tinymce 9 alextselegidis/easyappointments 9 concrete5/core 9 kevinpapst/kimai2 9 october/october 9 ssddanbrown/bookstack 9 funadmin/funadmin 9 gilacms/gila 8 sulu/sulu 8 codiad/codiad 8 yiisoft/yii2 8 october/cms 8 facturascripts/facturascripts 8 pimcore/customer-management-framework-bundle 8 croogo/croogo 8 flarum/core 7 statamic/cms 7 symfony/http-foundation 7 silverstripe/graphql 7 silverstripe/admin 7 october/backend 7 symfony/http-kernel 6 composer/composer 6 yiisoft/yii2-dev 6 zoujingli/thinkadmin 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 directmailteam/direct-mail 6 wpglobus/wpglobus 6 pterodactyl/panel 6 nystudio107/craft-seomatic 6 dweeves/magmi 6 contao/core 6 yourls/yourls 6 in2code/femanager 6 backdrop/backdrop 6 automad/automad 5 elgg/elgg 5 symfony/security-core 5 cachethq/cachet 5 gleez/cms 5 phpseclib/phpseclib 5 simplesamlphp/saml2 5 vrana/adminer 5 ezsystems/ezplatform-admin-ui 5 silverstripe/assets 5 thinkcmf/thinkcmf 5 phpxmlrpc/phpxmlrpc 5 billz/raspap-webgui 5 typo3/cms-install 5 oro/platform 5 anchorcms/anchor-cms 5 bottelet/flarepoint 5 pear/archive_tar 5 gugoan/economizzer 5 ibexa/core 5 oro/commerce 4 bytefury/crater 4 modx/revolution 4 appwrite/server-ce 4 evolutioncms/evolution 4 notrinos/notrinos-erp 4 shopware/storefront 4 phpservermon/phpservermon 4 wp-premium/gravityforms 4 pyrocms/pyrocms 4 magento/product-community-edition 4 bref/bref 4 typo3/cms-frontend 4 codeigniter4/shield 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 spatie/browsershot 4 typo3/html-sanitizer 4 symfony/security-bundle 4 joomla/joomla-cms 3 prestashop/productcomments 3 processwire/processwire 3 quickapps/cms 3 mantisbt/mantisbt 3 phpoffice/phpspreadsheet 3 ckeditor4 3 joomla/framework 3 codeigniter/framework 3 symfony/form 3 illuminate/database 3 zencart/zencart 3 typo3/cms-form 3 qcubed/qcubed 3 verbb/comments 3 icecoder/icecoder 3 yiisoft/yii 3 flarum/framework 3 shopxo/shopxo 3 rudloff/alltube 3 enshrined/svg-sanitize 3 enhavo/enhavo-app 3 phenx/php-svg-lib 3 facade/ignition 3 tecnickcom/tcpdf 3 artesaos/seotools 3 sylius/resource-bundle 3 ezsystems/ezpublish-legacy 3 buddypress/buddypress 3 bbpress/bbpress 3 adodb/adodb-php 3 kimai/kimai 3 froala/wysiwyg-editor 3 limesurvey/limesurvey 3 apache-solr-for-typo3/solr 3 verot/class.upload.php 3 zendframework/zendopenid 3 zendframework/zendrest 3 zendframework/zendservice-audioscrobbler 3 uvdesk/community-skeleton 3 zendframework/zendservice-nirvanix 3 zendframework/zendservice-amazon 3 zendframework/zendservice-api 3 zendframework/zendservice-slideshare 3

Filter by Repository

https://github.com/drupal/core 4 https://github.com/TYPO3/phar-stream-wrapper 1 https://github.com/symfony/symfony 1 https://github.com/guzzle/guzzle 1 https://github.com/drupal/drupal 1 https://github.com/ckeditor/ckeditor-dev 1 https://github.com/a2u/CVE-2018-7600 1