1. Home
  2. Packages
  3. composer
  4. drupal
  5. core

pkg:composer/drupal/core

Type composer
Namespace drupal
Name core

Known advisories, vulnerabilities and fixes for core package.

Repository
https://packagist.org/packages/drupal/core
Critical 8
High 25
Medium 28
None 14
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 8.0, < 8.0.4 CVE-2016-3162
composer PHP:DRUPAL-CORE-2016-3162 File upload access bypass and denial of service high 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3163
composer PHP:DRUPAL-CORE-2016-3163 Brute force amplification attacks via XML-RPC high 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3164
composer PHP:DRUPAL-CORE-2016-3164 Open redirect via path manipulation high 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3165
composer PHP:DRUPAL-CORE-2016-3165 Form API ignores access restrictions on submit buttons high 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3166
composer PHP:DRUPAL-CORE-2016-3166 HTTP header injection using line breaks medium 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3167
composer PHP:DRUPAL-CORE-2016-3167 Open redirect via double-encoded 'destination' parameter high 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3168
composer PHP:DRUPAL-CORE-2016-3168 Reflected file download vulnerability medium 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3169
composer PHP:DRUPAL-CORE-2016-3169 Saving user accounts can sometimes grant the user all roles high 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3170
composer PHP:DRUPAL-CORE-2016-3170 Email address can be matched to an account medium 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.0, < 8.0.4 CVE-2016-3171
composer PHP:DRUPAL-CORE-2016-3171 Session data truncation can lead to unserialization of user provided data high 2016-02-15T18:57:00
(8 years ago)
Affected >= 8.1.0, < 8.1.7 >= 8.0, < 8.1.0 CVE-2016-5385
composer PHP:DRUPAL-CORE-2016-5385 Drupal Core - Highly Critical - Injection - SA-CORE-2016-003 high 2016-07-18T16:01:00
(8 years ago)
Affected >= 8.0, < 8.1.0 >= 8.1.0, < 8.1.3 CVE-2016-6211
composer PHP:DRUPAL-CORE-2016-6211 Saving user accounts can sometimes grant the user all roles high 2016-06-15T20:59:00
(8 years ago)
Affected >= 8.1.0, < 8.1.3 >= 8.0, < 8.1.0 CVE-2016-6212
composer PHP:DRUPAL-CORE-2016-6212 Views can allow unauthorized users to see Statistics information medium 2016-06-15T20:59:00
(8 years ago)
Affected >= 8.1.0, < 8.1.10 >= 8.0, < 8.1.0 CVE-2016-7570
composer PHP:DRUPAL-CORE-2016-7570 Users without "Administer comments" can set comment visibility on nodes they can edit medium 2016-09-21T18:39:00
(8 years ago)
Affected >= 8.0, < 8.1.0 >= 8.1.0, < 8.1.10 CVE-2016-7571
composer PHP:DRUPAL-CORE-2016-7571 Cross-site Scripting in http exceptions medium 2016-09-21T18:39:00
(8 years ago)
Affected >= 8.1.0, < 8.1.10 >= 8.0, < 8.1.0 CVE-2016-7572
composer PHP:DRUPAL-CORE-2016-7572 Full config export can be downloaded without administrative permissions medium 2016-09-21T18:39:00
(8 years ago)
Affected >= 8.0, < 8.1.0 >= 8.2.0, < 8.2.3 >= 8.1.0, < 8.2.0 CVE-2016-9449
composer PHP:DRUPAL-CORE-2016-9449 Inconsistent name for term access query medium 2016-11-16T18:45:00
(7 years ago)
Affected >= 8.2.0, < 8.2.3 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 CVE-2016-9450
composer PHP:DRUPAL-CORE-2016-9450 Incorrect cache context on password reset page high 2016-11-16T18:45:00
(7 years ago)
Affected >= 8.0, < 8.1.0 >= 8.2.0, < 8.2.3 >= 8.1.0, < 8.2.0 CVE-2016-9452
composer PHP:DRUPAL-CORE-2016-9452 Denial of service via transliterate mechanism medium 2016-11-16T18:45:00
(7 years ago)
Affected >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.7 CVE-2017-6377
composer PHP:DRUPAL-CORE-2017-6377 Editor module incorrectly checks access to inline private files high 2017-03-15T20:19:51
(7 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.7 >= 8.0, < 8.1.0 CVE-2017-6379
composer PHP:DRUPAL-CORE-2017-6379 Some admin paths were not protected with a CSRF token high 2017-03-15T20:19:51
(7 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.7 >= 8.0, < 8.1.0 CVE-2017-6381
composer PHP:DRUPAL-CORE-2017-6381 Remote code execution high 2017-03-15T20:19:51
(7 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.8 >= 8.3.0, < 8.3.1 >= 8.0, < 8.1.0 CVE-2017-6919
composer PHP:DRUPAL-CORE-2017-6919 Access bypass high 2017-04-19T16:07:22
(7 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.3.4 >= 8.0, < 8.1.0 CVE-2017-6920
composer PHP:DRUPAL-CORE-2017-6920 PECL YAML parser unsafe object handling critical 2017-06-21T18:13:27
(7 years ago)
Affected >= 8.0, < 8.1.0 >= 8.3.0, < 8.3.4 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 CVE-2017-6921
composer PHP:DRUPAL-CORE-2017-6921 File REST resource does not properly validate medium 2017-06-21T18:13:27
(7 years ago)
Affected >= 8.0, < 8.1.0 >= 8.3.0, < 8.3.4 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 CVE-2017-6922
composer PHP:DRUPAL-CORE-2017-6922 Files uploaded by anonymous users into a private file system can be accessed by other anonymous users medium 2017-06-21T18:13:27
(7 years ago)
Affected >= 8.3.0, < 8.3.7 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 CVE-2017-6923
composer PHP:DRUPAL-CORE-2017-6923 Views does not properly restrict access to the Ajax endpoint. medium 2017-08-16T17:10:35
(7 years ago)
Affected >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.3.7 CVE-2017-6924
composer PHP:DRUPAL-CORE-2017-6924 REST API can bypass comment approval. high 2017-08-16T17:10:35
(7 years ago)
Affected >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.3.7 CVE-2017-6925
composer PHP:DRUPAL-CORE-2017-6925 Entity access bypass for entities that do not have UUIDs or have protected revisions. critical 2017-08-16T17:10:35
(7 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.0, < 8.1.0 CVE-2017-6926
composer PHP:DRUPAL-CORE-2017-6926 Comment reply form allows access to restricted content. high 2018-02-20T21:35:13
(6 years ago)
Affected >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.5 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 CVE-2017-6927
composer PHP:DRUPAL-CORE-2017-6927 JavaScript cross-site scripting prevention is incomplete. medium 2018-02-20T21:35:13
(6 years ago)
Affected >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.0, < 8.1.0 CVE-2017-6928
composer PHP:DRUPAL-CORE-2017-6928 Private file access bypass. medium 2018-02-20T21:35:13
(6 years ago)
Affected >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.0, < 8.1.0 CVE-2017-6929
composer PHP:DRUPAL-CORE-2017-6929 jQuery vulnerability with untrusted domains. medium 2018-02-20T21:35:13
(6 years ago)
Affected >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.5 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 CVE-2017-6930
composer PHP:DRUPAL-CORE-2017-6930 Language fallback can be incorrect on multilingual sites with node access restrictions. high 2018-02-20T21:35:13
(6 years ago)
Affected >= 8.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.5 CVE-2017-6931
composer PHP:DRUPAL-CORE-2017-6931 Settings Tray access bypass. medium 2018-02-20T21:35:13
(6 years ago)
Affected >= 8.0, < 8.1.0 >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 CVE-2017-6932
composer PHP:DRUPAL-CORE-2017-6932 External link injection on 404 pages when linking to the current page. medium 2018-02-20T21:35:13
(6 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.6.2 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.8 >= 8.3.0, < 8.4.0 >= 8.0.0, < 8.1.0 composer PHP:DRUPAL-CORE-2018-10-17-1 Content moderation - Moderately critical - Access bypass 2018-10-17T22:19:00
(6 years ago)
Affected >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.8 >= 7.0, < 7.60 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 8.6.0, < 8.6.2 >= 8.3.0, < 8.4.0 >= 8.2.0, < 8.3.0 composer PHP:DRUPAL-CORE-2018-10-17-2 External URL injection through URL aliases - Moderately Critical - Open Redirect 2018-10-17T22:19:00
(6 years ago)
Affected >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.3.0, < 8.4.0 >= 8.5.0, < 8.5.8 >= 8.4.0, < 8.5.0 >= 8.6.0, < 8.6.2 composer PHP:DRUPAL-CORE-2018-10-17-3 Anonymous Open Redirect - Moderately Critical - Open Redirect 2018-10-17T22:19:00
(6 years ago)
Affected >= 7.0, < 7.60 >= 8.5.0, < 8.5.8 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.2 >= 8.2.0, < 8.3.0 composer PHP:DRUPAL-CORE-2018-10-17-4 Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution 2018-10-17T22:19:00
(6 years ago)
Affected >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.5.0, < 8.5.8 >= 8.6.0, < 8.6.2 >= 8.4.0, < 8.5.0 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 composer PHP:DRUPAL-CORE-2018-10-17-5 Contextual Links validation - Critical - Remote Code Execution 2018-10-17T22:19:00
(6 years ago)
Affected >= 8.4, < 8.4.6 >= 8.0, < 8.3.9 >= 8.5, < 8.5.1 >= 7.0, < 7.58 CVE-2018-7600
composer PHP:DRUPAL-CORE-2018-7600 Highly critical - Remote Code Execution critical 2018-03-28T19:30:00
(6 years ago)
Affected >= 8.0, < 8.1.0 >= 8.4, < 8.4.8 >= 8.3.0, < 8.4.0 >= 8.5, < 8.5.3 >= 7.0, < 7.59 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 CVE-2018-7602
composer PHP:DRUPAL-CORE-2018-7602 Critical - Remote Code Execution critical 2018-04-25T16:39:00
(6 years ago)
Affected >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.4, < 8.4.7 >= 8.3.0, < 8.4.0 >= 8.5, < 8.5.2 CVE-2018-9861
composer PHP:DRUPAL-CORE-2018-9861 Moderately critical - Cross Site Scripting medium 2018-04-18T17:53:00
(6 years ago)
Affected >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.14 >= 8.2.0, < 8.3.0 >= 8.5.0, < 8.5.14 >= 7.0, < 7.65 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 CVE-2019-10909
composer PHP:DRUPAL-CORE-2019-10909 Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005 medium 2019-04-17T22:31:00
(5 years ago)
Affected >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.67.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.16 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.1 CVE-2019-11831
composer PHP:DRUPAL-CORE-2019-11831 Moderately critical - Third-party libraries - SA-CORE-2019-007 critical 2019-05-08T17:41:00
(5 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.11 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.8.0, < 8.8.1 >= 8.0.0, < 8.1.0 composer PHP:DRUPAL-CORE-2019-12-18-1 Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009 2019-12-18T08:55:00
(4 years ago)
Affected >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.11 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.1 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 composer PHP:DRUPAL-CORE-2019-12-18-2 Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010 2019-12-18T08:55:00
(4 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.1 >= 8.7.0, < 8.7.11 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 composer PHP:DRUPAL-CORE-2019-12-18-3 Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011 2019-12-18T08:55:00
(4 years ago)
Affected >= 8.8.0, < 8.8.1 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.11 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.69 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 composer PHP:DRUPAL-CORE-2019-12-18-4 Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012 2019-12-18T08:55:00
(4 years ago)
Affected >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.6 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.5.9 >= 7.0.0, < 7.62.0 >= 8.4.0, < 8.5.0 CVE-2019-6338
composer PHP:DRUPAL-CORE-2019-6338 Critical - Third Party Libraries high 2019-01-15T17:41:00
(5 years ago)
Affected >= 8.6.0, < 8.6.6 >= 8.3.0, < 8.4.0 >= 8.2.0, < 8.3.0 >= 8.0.0, < 8.1.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.9 >= 7.0.0, < 7.62.0 >= 8.1.0, < 8.2.0 CVE-2019-6339
composer PHP:DRUPAL-CORE-2019-6339 Critical - Arbitrary PHP code execution critical 2019-01-15T17:41:00
(5 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.5.11 >= 7.0.0, < 7.62.0 >= 8.4.0, < 8.5.0 >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.10 CVE-2019-6340
composer PHP:DRUPAL-CORE-2019-6340 Highly critical - Remote Code Execution high 2019-02-20T17:41:00
(5 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.14 >= 7.0.0, < 7.65.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.6.13 >= 8.3.0, < 8.4.0 >= 8.0.0, < 8.1.0 CVE-2019-6341
composer PHP:DRUPAL-CORE-2019-6341 Moderately critical - Cross Site Scripting - SA-CORE-2019-004 medium 2019-03-20T17:41:00
(5 years ago)
Affected > 8.7.3, < 8.7.5 CVE-2019-6342
composer PHP:DRUPAL-CORE-2019-6342 Critical - Access bypass critical 2019-07-16T16:24:00
(5 years ago)
Affected >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.1.0, < 8.2.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.7.0, < 8.7.12 >= 8.2.0, < 8.3.0 >= 8.8.0, < 8.8.4 >= 8.0.0, < 8.1.0 composer PHP:DRUPAL-CORE-2020-03-18 Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001 2020-03-18T13:37:00
(4 years ago)
Affected >= 7.0.0, < 7.70 composer PHP:DRUPAL-CORE-2020-05-20-1 Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 2020-05-20T13:37:00
(4 years ago)
Affected >= 8.8.0, < 8.8.11 >= 9.0.0, < 9.0.8 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.9.0, < 8.9.9 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.74 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 composer PHP:DRUPAL-CORE-2020-11-25 Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013 2020-11-18T18:02:00
(3 years ago)
Affected >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.7.0, < 8.7.14 >= 8.2.0, < 8.3.0 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.6 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.70 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 CVE-2020-13662
composer PHP:DRUPAL-CORE-2020-13662 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002 medium 2020-05-20T13:37:00
(4 years ago)
Affected >= 9.0.0, < 9.0.1 >= 8.8.0, < 8.8.8 >= 8.0.0, < 8.1.0 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.9.0, < 8.9.1 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 7.0.0, < 7.72 >= 8.5.0, < 8.6.0 CVE-2020-13663
composer PHP:DRUPAL-CORE-2020-13663 Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004 high 2020-06-17T13:56:00
(4 years ago)
Affected >= 9.0.0, < 9.0.1 >= 8.8.0, < 8.8.8 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.9.0, < 8.9.1 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 CVE-2020-13664
composer PHP:DRUPAL-CORE-2020-13664 Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005 high 2020-06-17T13:56:00
(4 years ago)
Affected >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.0.1 >= 8.8.0, < 8.8.8 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.9.0, < 8.9.1 CVE-2020-13665
composer PHP:DRUPAL-CORE-2020-13665 Drupal core - Less critical - Access bypass - SA-CORE-2020-006 critical 2020-06-17T13:56:00
(4 years ago)
Affected >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.0.6 >= 8.8.0, < 8.8.10 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.73 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.6 CVE-2020-13666
composer PHP:DRUPAL-CORE-2020-13666 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007 medium 2020-09-16T13:56:00
(4 years ago)
Affected >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.6 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 9.0.0, < 9.0.6 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.10 CVE-2020-13667
composer PHP:DRUPAL-CORE-2020-13667 Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008 medium 2020-09-16T13:57:00
(4 years ago)
Affected >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.8.0, < 8.8.10 >= 9.0.0, < 9.0.6 >= 8.0.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.9.0, < 8.9.6 CVE-2020-13668
composer PHP:DRUPAL-CORE-2020-13668 Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009 medium 2020-09-16T13:59:00
(4 years ago)
Affected >= 8.9.0, < 8.9.6 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 9.0.0, < 9.0.6 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.10 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 CVE-2020-13669
composer PHP:DRUPAL-CORE-2020-13669 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010 medium 2020-09-16T13:57:00
(4 years ago)
Affected >= 8.9.0, < 8.9.6 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.0.6 >= 8.8.0, < 8.8.10 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 CVE-2020-13670
composer PHP:DRUPAL-CORE-2020-13670 Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011 high 2020-09-16T13:57:00
(4 years ago)
Affected >= 9.0.0, < 9.0.8 >= 8.8.0, < 8.8.11 >= 8.0.0, < 8.1.0 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.9.0, < 8.9.9 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.74 >= 8.4.0, < 8.5.0 CVE-2020-13671
composer PHP:DRUPAL-CORE-2020-13671 Drupal core - Critical - Remote code execution - SA-CORE-2020-012 high 2020-11-18T18:02:00
(3 years ago)
Affected >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.80 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.14 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 9.1.0, < 9.1.7 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.8.0, < 8.9.0 >= 9.0.0, < 9.0.12 >= 8.0.0, < 8.1.0 CVE-2020-13672
composer PHP:DRUPAL-CORE-2020-13672 Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002 medium 2021-04-21T18:02:00
(3 years ago)
Affected >= 8.9.0, < 8.9.16 >= 9.2.0, < 9.2.4 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.1.0 >= 8.8.0, < 8.9.0 >= 9.1.0, < 9.1.12 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 composer PHP:DRUPAL-CORE-2021-05-26 Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005 2021-08-12T18:02:00
(3 years ago)
Affected >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.80 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.16 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 9.1.0, < 9.1.9 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 9.0.0, < 9.0.14 >= 8.8.0, < 8.9.0 >= 8.0.0, < 8.1.0 CVE-2021-33829
composer PHP:DRUPAL-CORE-2021-33829 Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003 medium 2021-04-21T18:02:00
(3 years ago)
Affected >= 9.0.0, < 9.1.0 >= 9.2.0, < 9.3.0 >= 8.9.0, < 8.10.0 >= 9.3.0, < 9.3.19 >= 9.4.0, < 9.4.3 >= 7.0.0, < 7.91.0 >= 9.1.0, < 9.2.0 CVE-2022-25275
composer PHP:DRUPAL-CORE-2022-25275 Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 high 2022-07-20T18:00:00
(2 years ago)
Affected >= 9.0.0, < 9.1.0 >= 9.3.0, < 9.3.19 >= 8.9.0, < 8.10.0 >= 9.2.0, < 9.3.0 >= 9.4.0, < 9.4.3 >= 9.1.0, < 9.2.0 CVE-2022-25277
composer PHP:DRUPAL-CORE-2022-25277 Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014 high 2022-07-20T18:00:00
(2 years ago)
Affected >= 8.0.0, < 9.3.19 >= 9.4.0, < 9.4.3 CVE-2022-25278
composer PHP:DRUPAL-CORE-2022-25278 Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013 medium 2022-07-20T10:11:42
(2 years ago)
Affected >= 8.9.0, < 9.0.0 >= 9.1.0, < 9.2.0 >= 9.5.0, < 10.0.0 >= 8.7.0, < 8.8.0 >= 10.0.0, < 10.1.0 >= 9.4.0, < 9.5.0 >= 8.3.0, < 8.4.0 >= 9.3.0, < 9.4.0 >= 9.2.0, < 9.3.0 >= 8.6.0, < 8.7.0 >= 9.0.0, < 9.1.0 >= 8.4.0, < 8.5.0 >= 8.8.0, < 8.9.0 >= 8.2.0, < 8.3.0 >= 10.1.0, < 10.1.8 >= 8.5.0, < 8.6.0 >= 8.1.0, < 8.2.0 >= 10.2.0, < 10.2.2 >= 8.0.0, < 8.1.0 composer PHP:DRUPAL-CORE-2024-01-17 Drupal core - Moderately critical - Denial of Service 2024-02-12T18:05:03
(7 months ago)