Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist

drupal/core

packagist

Drupal is an open source content management platform powering millions of websites and applications.

View on github.com · View on packagist.org

Security Advisories for drupal/core in packagist

Moderate
7 months ago

Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages GSA_kwCzR0hTQS0zOWc2LXg0eDgtNWpjbc4ABGKO

packagist drupal/core
Low
7 months ago

Drupal Core Cross-Site Scripting (XSS) Vulnerability GSA_kwCzR0hTQS1tNHdqLWhod2otNDdxcM4ABGKB

packagist drupal/core
Moderate
7 months ago

Drupal Core Vulnerable to Forceful Browsing GSA_kwCzR0hTQS13cHA4LWZqZ2YtcHdjN84ABGJ3

packagist drupal/core
Moderate
7 months ago

Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability GSA_kwCzR0hTQS0ycXBoLXE4eHctZ3Y3cc4ABGJ5

packagist drupal/core
Low
11 months ago

Drupal core contains a potential PHP Object Injection vulnerability GSA_kwCzR0hTQS05MzhmLTVyNGYtaDY1ds4ABCNm

packagist drupal/drupal, drupal/core-recommended, drupal/core
Moderate
11 months ago

Drupal core Access bypass GSA_kwCzR0hTQS03Y3djLWZqcW0tOHZoOM4ABCNe

packagist drupal/drupal, drupal/core-recommended, drupal/core
High
11 months ago

Drupal core contains a potential PHP Object Injection vulnerability GSA_kwCzR0hTQS13NnJ4LTlnMngtbWc1Z84ABCNg

packagist drupal/drupal, drupal/core-recommended, drupal/core
High
11 months ago

Drupal core contains a potential PHP Object Injection vulnerability GSA_kwCzR0hTQS1ndmYyLTJmNGctanFmNM4ABCNl

packagist drupal/drupal, drupal/core-recommended, drupal/core
Moderate
11 months ago

Drupal Core Cross-Site Scripting (XSS) GSA_kwCzR0hTQS04bXZxLThoMnYtajl2Zs4ABCNk

packagist drupal/drupal, drupal/core-recommended, drupal/core
Moderate
11 months ago

Drupal core vulnerable to improper error handling GSA_kwCzR0hTQS01MmpyLXg2aDYteGo2Z84ABCFH

packagist drupal/core
High
11 months ago

Drupal core Denial of Service GSA_kwCzR0hTQS14cTU0LXg1NG0tdmNweM4ABCFO

packagist drupal/core
Moderate
about 1 year ago

Drupal Full Path Disclosure GSA_kwCzR0hTQS1tZzhqLXc5M3cteGpnY84AA_BD

packagist drupal/core, drupal/core-recommended, drupal/drupal
Moderate
over 1 year ago

Drupal core Cross-Site Scripting (XSS) vulnerabilities GSA_kwCzR0hTQS12ZmdjLWM3NmgtbXdoNM4AA8HN

packagist drupal/core
High
over 1 year ago

Drupal core Arbitrary PHP code execution GSA_kwCzR0hTQS1neHhqLWc5djgtdzI4cM4AA8HM

packagist drupal/core
Moderate
over 1 year ago

Drupal core Open Redirect vulnerability GSA_kwCzR0hTQS02Z2Y2LTI0aDItNjZqNM4AA8HL

packagist drupal/core
Moderate
over 1 year ago

Drupal core uses a vulnerable Third-party library CKEditor GSA_kwCzR0hTQS12MjczLWo1aHEtMjZ4cM4AA8HK

packagist drupal/core
High
over 1 year ago

Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar GSA_kwCzR0hTQS05OGg5LTcyN20tNDRxds4AA8HJ

packagist drupal/core
Moderate
over 1 year ago

Drupal core Access bypass GSA_kwCzR0hTQS1taDRoLTI3Z3EtY3h3as4AA8HI

packagist drupal/core
Moderate
over 1 year ago

Drupal core unrestricted file upload GSA_kwCzR0hTQS03Z3dqLTdmaG0tdnc0d84AA8HH

packagist drupal/core
Moderate
over 1 year ago

Drupal core Denial of Service GSA_kwCzR0hTQS1wcjk5LWMzM3AtZndmNs4AA8HG

packagist drupal/core
Critical
over 1 year ago

Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF

packagist drupal/core
Critical
over 1 year ago

Drupal core Remote Code Execution GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE

packagist drupal/core
Moderate
over 1 year ago

Drupal Anonymous Open Redirect GSA_kwCzR0hTQS1nZnZmLTJmMjUtZjM0cs4AA8HD

packagist drupal/core
Moderate
over 1 year ago

Drupal External URL injection through URL aliases leading to Open Redirect GSA_kwCzR0hTQS03ZjRmLXA3bXEtcDRmds4AA8HC

packagist drupal/core
Moderate
over 1 year ago

Drupal Content moderation Access bypass GSA_kwCzR0hTQS1mODRxLW1najktOGpmY84AA8HB

packagist drupal/core
Critical
over 1 year ago

Drupal Core Remote Code Execution Vulnerability GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY

packagist drupal/drupal, drupal/core
Moderate
over 1 year ago

Drupal core Denial of Service vulnerability GSA_kwCzR0hTQS02Y2N2LThmZ2YtY2pwd84AA5Og

packagist drupal/core
Moderate
almost 2 years ago

Drupal Denial of Service vulnerability GSA_kwCzR0hTQS02MmNmLWp2cHAtNDhxNs4AA4du

packagist drupal/core
Critical
almost 2 years ago

Drupal Improper Access Control GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2

packagist drupal/drupal, drupal/core
Critical
about 2 years ago

Cache poisoning in drupal/core GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ

packagist drupal/core
Critical
over 2 years ago

Access bypass in Drupal core GSA_kwCzR0hTQS04ODQ5LWN2OWYtdmNjbc4AAy-9

packagist drupal/core
Moderate
over 2 years ago

Lack of domain validation in Druple core GSA_kwCzR0hTQS00d2ZxLWpjOWgtdnBjeM4AAy-i

packagist drupal/core
Moderate
over 2 years ago

Access bypass in Drupal core GSA_kwCzR0hTQS03anI0LWhncXgtdndncc4AAy-k

packagist drupal/core
High
over 2 years ago

Improper input validation in Drupal core GSA_kwCzR0hTQS1nMzZoLTRqcjYtcW1tOc4AAy-o

packagist drupal/core
Moderate
over 2 years ago

Access bypass in Drupal Core GSA_kwCzR0hTQS1jZmgyLTdmNmgtM204Nc4AAy8f

packagist drupal/core
High
about 3 years ago

Drupal core arbitrary PHP code execution GSA_kwCzR0hTQS02OTU1LTY3aG0tdmpqcc4AAt2o

packagist drupal/core
High
about 3 years ago

Drupal core Information Disclosure vulnerability GSA_kwCzR0hTQS14aDN2LTZmOWotd3h3M84AAt2d

packagist drupal/core
Moderate
over 3 years ago

Drupal Core Cross-site scripting vulnerability GSA_kwCzR0hTQS1xZjJnLW1ycngtcnI1cM4AAo0h

packagist drupal/core
High
over 3 years ago

Drupal Core Cross-Site Request Forgery (CSRF) vulnerability GSA_kwCzR0hTQS1tNjQ4LWhwZjgtcWNqd84AAozw

packagist drupal/core
Moderate
over 3 years ago

Drupal Core Access bypass vulnerability GSA_kwCzR0hTQS14MnE5LXI4Z20tZjY1N84AAohb

packagist drupal/drupal, drupal/core
Critical
over 3 years ago

Drupal Core Access bypass vulnerability GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Core Open Redirect vulnerability GSA_kwCzR0hTQS1nanFnLTlyaHYtcWo2N84AAoX9

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Core Cross-site scripting vulnerability GSA_kwCzR0hTQS04amoyLXgyZ2MtZ2dtN84AAoX_

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Core Arbitrary PHP code execution vulnerability GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA

packagist drupal/core
Moderate
over 3 years ago

Drupal Cross Site Scripting (XSS) vulnerability GSA_kwCzR0hTQS1jbW1oLThtd3AtZ3E1cM4AAiGR

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Access Control Bypass GSA_kwCzR0hTQS05NnZ4LXFmMjgtNmY4bc4AAdq5

packagist drupal/core
Moderate
over 3 years ago

Drupal CRLF injection vulnerability in the drupal_set_header function GSA_kwCzR0hTQS1mZzVxLXIycTUtcW1oM84AAdZQ

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal saving user accounts can sometimes grant the user all roles GSA_kwCzR0hTQS1xM3A5LTg3Mjgtd3E3eM4AAdZM

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Form API ignores access restrictions on submit buttons GSA_kwCzR0hTQS00Z2g1LTNocWoteDNwas4AAdZP

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Reflected file download vulnerability GSA_kwCzR0hTQS1xcXhjLWNwcGctNHhwOM4AAdYz

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal sensitive information disclosure GSA_kwCzR0hTQS1wcXY0LXhncWgtajh2aM4AAdYs

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Brute force amplification attacks via XML-RPC GSA_kwCzR0hTQS1oM3I5LXBqbXItZjkzOM4AAdYi

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Open redirect vulnerability in the drupal_goto function GSA_kwCzR0hTQS1neHd4LWM3bTgtZjk1aM4AAdYo

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal File upload access bypass and denial of service GSA_kwCzR0hTQS13MnBqLWM4eDUtanZnMs4AAdXp

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal arbitrary code execution GSA_kwCzR0hTQS02OWc4LWc5anEtNzR2N84AAdW6

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Users without "Administer comments" can set comment visibility on nodes they can edit GSA_kwCzR0hTQS02ZzloLTZ2NzktdzRwY84AAdKR

packagist drupal/core, drupal/drupal
Moderate
over 3 years ago

Drupal Cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Unprivileged access to config export GSA_kwCzR0hTQS1mbXFoLTJqMngtdmdwM84AAdKO

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Saving user accounts can sometimes grant the user all roles GSA_kwCzR0hTQS1mcnFmLTlxcjQtNnZ4Zs4AAc9G

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Views can allow unauthorized users to see Statistics information GSA_kwCzR0hTQS1yZnh4LWd4d2MtOTIzY84AAc9H

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Denial of service via transliterate mechanism GSA_kwCzR0hTQS1qcGo4LTQ5aHItd2N3ds4AAc7N

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Incorrect cache context on password reset page GSA_kwCzR0hTQS05OHc1LXdxcDktdzQ2Ns4AAc69

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal sensitive information disclosure GSA_kwCzR0hTQS1wNzQ1LTM0N2gtaGpmd84AAcG_

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Open Redirect GSA_kwCzR0hTQS02NmdyLXhyY2YtOGpwcc4AAcG9

packagist drupal/core
High
over 3 years ago

Drupal Cross-Site Request Forgery (CSRF) GSA_kwCzR0hTQS1neHhxLWZoYzctM2p2Oc4AAbOV

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal cross site scripting vulnerability GSA_kwCzR0hTQS01dnByLXYyNHctbW1qas4AAXNU

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal external link injection vulnerability GSA_kwCzR0hTQS13bTg2LXczY2YtaDZ2bc4AAXNG

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal cross-site scripting vulnerability GSA_kwCzR0hTQS01ODVqLTU0NDktbWY1bc4AAXMs

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Comment reply form allows access to restricted content GSA_kwCzR0hTQS0ycDI4LTVtdnAtMmoycs4AAXMk

packagist drupal/drupal, drupal/core
Critical
over 3 years ago

Drupal PECL YAML parser unsafe object handling GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD

packagist drupal/drupal, drupal/core
Critical
over 3 years ago

Drupal Core Remote Code Execution Vulnerability GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS) GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf

npm, packagist ckeditor-dev, drupal/core
High
over 3 years ago

Drupal access control bypass vulnerability GSA_kwCzR0hTQS02aHBqLTl4ajctMmp4eM4AASZo

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Settings Tray access bypass GSA_kwCzR0hTQS03ZmZoLWNqdmctZnByNM4AASZT

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal access bypass vulnerability GSA_kwCzR0hTQS0zMzI3LWpyOTMtN2hxM84AASZL

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal access bypass vulnerability GSA_kwCzR0hTQS02Nm12LXE4cjItaGo4d84AASZx

packagist drupal/drupal, drupal/core
Critical
over 3 years ago

Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Remote code execution GSA_kwCzR0hTQS1yaHg5LTNxZjctcjNqN84AASYD

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal editor module incorrectly checks access to inline private files GSA_kwCzR0hTQS13N3F4LXZ3cjktMmozcs4AASX9

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal REST API can bypass comment approval GSA_kwCzR0hTQS1wOGc2LTVtZzctOXI1cc4AARZN

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal file REST resource does not properly validate GSA_kwCzR0hTQS1oMzc3LTI4N20tdzJyOc4AARY1

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal core access bypass vulnerability GSA_kwCzR0hTQS01OGYzLWN4OHAtaDhqZ84AARYs

packagist drupal/drupal, drupal/core
High
over 3 years ago

Drupal Core Remote Code Execution Vulnerability GSA_kwCzR0hTQS0zZ3g2LWg1N2gtcm0yN84AAQKY

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal Cross-Site Scripting vulnerability GSA_kwCzR0hTQS1xcDhxLWd3ZjUtaHFoMs0_SQ

packagist drupal/core
Critical
over 3 years ago

Drupal SQL Injection vulnerability GSA_kwCzR0hTQS1oY3E5LWhtZ2YtNnFyOc0_Sg

packagist drupal/core
High
over 3 years ago

Improper input validation in Drupal core GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g

packagist drupal/core
Moderate
over 3 years ago

Incorrect authorization in Drupal core GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w

packagist drupal/core
Moderate
over 3 years ago

Drupal core Cross-site Scripting (XSS) vulnerability GSA_kwCzR0hTQS0zbTM2LW1qd2otMzUyY80rQQ

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor GSA_kwCzR0hTQS1jNTMzLWM4NDMtNjdoOM0rSw

packagist drupal/drupal, drupal/core
Moderate
over 3 years ago

Cross-Site Request Forgery in Drupal core GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg

packagist drupal/core
High
over 3 years ago

Exposure of Resource to Wrong Sphere in Drupal Core GSA_kwCzR0hTQS1tbWpyLTVxNzQtcDNtNM0rRQ

packagist drupal/core
Critical
over 3 years ago

Unrestricted Upload of File with Dangerous Type in Drupal core GSA_kwCzR0hTQS12OHdyLXI2OXAtbW13eM0rQw

packagist drupal/core
Moderate
over 3 years ago

Incorrect Authorization in Drupal core GSA_kwCzR0hTQS1xZmhnLW02cjgteHhwas0rPw

packagist drupal/core
High
over 3 years ago

Drupal core access bypass vulnerability GSA_kwCzR0hTQS0zeHIzLXBoanAtZzZwMs0rPA

packagist drupal/core
Critical
almost 4 years ago

Arbitrary PHP code execution in Drupal GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A

packagist drupal/core
High
about 4 years ago

Drupal core Unrestricted Upload of File with Dangerous Type GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ

packagist drupal/drupal, drupal/core
Critical
about 4 years ago

Directory Traversal in typo3/phar-stream-wrapper GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA

packagist drupal/drupal, drupal/core
Moderate
over 4 years ago

ckeditor4 vulnerable to cross-site scripting MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4

packagist drupal/drupal, drupal/core
Moderate
almost 6 years ago

Symfony Cross-site Scripting (XSS) vulnerability MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy

packagist drupal/drupal, drupal/core
Moderate
about 6 years ago

Missing Authorization in Drupal MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw

packagist drupal/core

Filter by Severity

Moderate 53 High 31 Critical 14 Low 2