pkg:composer/drupal/core
Type
composer
Namespace
drupal
Name
core
Known advisories, vulnerabilities and fixes for core package.
- Repository
- https://packagist.org/packages/drupal/core
Critical
8
High
25
Medium
28
None
14
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3162
|
PHP:DRUPAL-CORE-2016-3162 | File upload access bypass and denial of service | high |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3163
|
PHP:DRUPAL-CORE-2016-3163 | Brute force amplification attacks via XML-RPC | high |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3164
|
PHP:DRUPAL-CORE-2016-3164 | Open redirect via path manipulation | high |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3165
|
PHP:DRUPAL-CORE-2016-3165 | Form API ignores access restrictions on submit buttons | high |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3166
|
PHP:DRUPAL-CORE-2016-3166 | HTTP header injection using line breaks | medium |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3167
|
PHP:DRUPAL-CORE-2016-3167 | Open redirect via double-encoded 'destination' parameter | high |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3168
|
PHP:DRUPAL-CORE-2016-3168 | Reflected file download vulnerability | medium |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3169
|
PHP:DRUPAL-CORE-2016-3169 | Saving user accounts can sometimes grant the user all roles | high |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3170
|
PHP:DRUPAL-CORE-2016-3170 | Email address can be matched to an account | medium |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.0, < 8.0.4 |
CVE-2016-3171
|
PHP:DRUPAL-CORE-2016-3171 | Session data truncation can lead to unserialization of user provided data | high |
2016-02-15T18:57:00
(8 years ago) |
|
Affected | >= 8.1.0, < 8.1.7 >= 8.0, < 8.1.0 |
CVE-2016-5385
|
PHP:DRUPAL-CORE-2016-5385 | Drupal Core - Highly Critical - Injection - SA-CORE-2016-003 | high |
2016-07-18T16:01:00
(8 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.1.0, < 8.1.3 |
CVE-2016-6211
|
PHP:DRUPAL-CORE-2016-6211 | Saving user accounts can sometimes grant the user all roles | high |
2016-06-15T20:59:00
(8 years ago) |
|
Affected | >= 8.1.0, < 8.1.3 >= 8.0, < 8.1.0 |
CVE-2016-6212
|
PHP:DRUPAL-CORE-2016-6212 | Views can allow unauthorized users to see Statistics information | medium |
2016-06-15T20:59:00
(8 years ago) |
|
Affected | >= 8.1.0, < 8.1.10 >= 8.0, < 8.1.0 |
CVE-2016-7570
|
PHP:DRUPAL-CORE-2016-7570 | Users without "Administer comments" can set comment visibility on nodes they can edit | medium |
2016-09-21T18:39:00
(8 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.1.0, < 8.1.10 |
CVE-2016-7571
|
PHP:DRUPAL-CORE-2016-7571 | Cross-site Scripting in http exceptions | medium |
2016-09-21T18:39:00
(8 years ago) |
|
Affected | >= 8.1.0, < 8.1.10 >= 8.0, < 8.1.0 |
CVE-2016-7572
|
PHP:DRUPAL-CORE-2016-7572 | Full config export can be downloaded without administrative permissions | medium |
2016-09-21T18:39:00
(8 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.2.0, < 8.2.3 >= 8.1.0, < 8.2.0 |
CVE-2016-9449
|
PHP:DRUPAL-CORE-2016-9449 | Inconsistent name for term access query | medium |
2016-11-16T18:45:00
(7 years ago) |
|
Affected | >= 8.2.0, < 8.2.3 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 |
CVE-2016-9450
|
PHP:DRUPAL-CORE-2016-9450 | Incorrect cache context on password reset page | high |
2016-11-16T18:45:00
(7 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.2.0, < 8.2.3 >= 8.1.0, < 8.2.0 |
CVE-2016-9452
|
PHP:DRUPAL-CORE-2016-9452 | Denial of service via transliterate mechanism | medium |
2016-11-16T18:45:00
(7 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.7 |
CVE-2017-6377
|
PHP:DRUPAL-CORE-2017-6377 | Editor module incorrectly checks access to inline private files | high |
2017-03-15T20:19:51
(7 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.7 >= 8.0, < 8.1.0 |
CVE-2017-6379
|
PHP:DRUPAL-CORE-2017-6379 | Some admin paths were not protected with a CSRF token | high |
2017-03-15T20:19:51
(7 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.7 >= 8.0, < 8.1.0 |
CVE-2017-6381
|
PHP:DRUPAL-CORE-2017-6381 | Remote code execution | high |
2017-03-15T20:19:51
(7 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.8 >= 8.3.0, < 8.3.1 >= 8.0, < 8.1.0 |
CVE-2017-6919
|
PHP:DRUPAL-CORE-2017-6919 | Access bypass | high |
2017-04-19T16:07:22
(7 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.3.4 >= 8.0, < 8.1.0 |
CVE-2017-6920
|
PHP:DRUPAL-CORE-2017-6920 | PECL YAML parser unsafe object handling | critical |
2017-06-21T18:13:27
(7 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.3.0, < 8.3.4 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 |
CVE-2017-6921
|
PHP:DRUPAL-CORE-2017-6921 | File REST resource does not properly validate | medium |
2017-06-21T18:13:27
(7 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.3.0, < 8.3.4 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 |
CVE-2017-6922
|
PHP:DRUPAL-CORE-2017-6922 | Files uploaded by anonymous users into a private file system can be accessed by other anonymous users | medium |
2017-06-21T18:13:27
(7 years ago) |
|
Affected | >= 8.3.0, < 8.3.7 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 |
CVE-2017-6923
|
PHP:DRUPAL-CORE-2017-6923 | Views does not properly restrict access to the Ajax endpoint. | medium |
2017-08-16T17:10:35
(7 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.3.7 |
CVE-2017-6924
|
PHP:DRUPAL-CORE-2017-6924 | REST API can bypass comment approval. | high |
2017-08-16T17:10:35
(7 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.3.7 |
CVE-2017-6925
|
PHP:DRUPAL-CORE-2017-6925 | Entity access bypass for entities that do not have UUIDs or have protected revisions. | critical |
2017-08-16T17:10:35
(7 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.0, < 8.1.0 |
CVE-2017-6926
|
PHP:DRUPAL-CORE-2017-6926 | Comment reply form allows access to restricted content. | high |
2018-02-20T21:35:13
(6 years ago) |
|
Affected | >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.5 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 |
CVE-2017-6927
|
PHP:DRUPAL-CORE-2017-6927 | JavaScript cross-site scripting prevention is incomplete. | medium |
2018-02-20T21:35:13
(6 years ago) |
|
Affected | >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.0, < 8.1.0 |
CVE-2017-6928
|
PHP:DRUPAL-CORE-2017-6928 | Private file access bypass. | medium |
2018-02-20T21:35:13
(6 years ago) |
|
Affected | >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.0, < 8.1.0 |
CVE-2017-6929
|
PHP:DRUPAL-CORE-2017-6929 | jQuery vulnerability with untrusted domains. | medium |
2018-02-20T21:35:13
(6 years ago) |
|
Affected | >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.5 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.0, < 8.1.0 |
CVE-2017-6930
|
PHP:DRUPAL-CORE-2017-6930 | Language fallback can be incorrect on multilingual sites with node access restrictions. | high |
2018-02-20T21:35:13
(6 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.5 |
CVE-2017-6931
|
PHP:DRUPAL-CORE-2017-6931 | Settings Tray access bypass. | medium |
2018-02-20T21:35:13
(6 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.4.0, < 8.4.5 >= 8.3.0, < 8.4.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 |
CVE-2017-6932
|
PHP:DRUPAL-CORE-2017-6932 | External link injection on 404 pages when linking to the current page. | medium |
2018-02-20T21:35:13
(6 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.6.2 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.8 >= 8.3.0, < 8.4.0 >= 8.0.0, < 8.1.0 | PHP:DRUPAL-CORE-2018-10-17-1 | Content moderation - Moderately critical - Access bypass |
2018-10-17T22:19:00
(6 years ago) |
|||
Affected | >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.8 >= 7.0, < 7.60 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 8.6.0, < 8.6.2 >= 8.3.0, < 8.4.0 >= 8.2.0, < 8.3.0 | PHP:DRUPAL-CORE-2018-10-17-2 | External URL injection through URL aliases - Moderately Critical - Open Redirect |
2018-10-17T22:19:00
(6 years ago) |
|||
Affected | >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 8.3.0, < 8.4.0 >= 8.5.0, < 8.5.8 >= 8.4.0, < 8.5.0 >= 8.6.0, < 8.6.2 | PHP:DRUPAL-CORE-2018-10-17-3 | Anonymous Open Redirect - Moderately Critical - Open Redirect |
2018-10-17T22:19:00
(6 years ago) |
|||
Affected | >= 7.0, < 7.60 >= 8.5.0, < 8.5.8 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.2 >= 8.2.0, < 8.3.0 | PHP:DRUPAL-CORE-2018-10-17-4 | Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution |
2018-10-17T22:19:00
(6 years ago) |
|||
Affected | >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.5.0, < 8.5.8 >= 8.6.0, < 8.6.2 >= 8.4.0, < 8.5.0 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 | PHP:DRUPAL-CORE-2018-10-17-5 | Contextual Links validation - Critical - Remote Code Execution |
2018-10-17T22:19:00
(6 years ago) |
|||
Affected | >= 8.4, < 8.4.6 >= 8.0, < 8.3.9 >= 8.5, < 8.5.1 >= 7.0, < 7.58 |
CVE-2018-7600
|
PHP:DRUPAL-CORE-2018-7600 | Highly critical - Remote Code Execution | critical |
2018-03-28T19:30:00
(6 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.4, < 8.4.8 >= 8.3.0, < 8.4.0 >= 8.5, < 8.5.3 >= 7.0, < 7.59 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 |
CVE-2018-7602
|
PHP:DRUPAL-CORE-2018-7602 | Critical - Remote Code Execution | critical |
2018-04-25T16:39:00
(6 years ago) |
|
Affected | >= 8.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.4, < 8.4.7 >= 8.3.0, < 8.4.0 >= 8.5, < 8.5.2 |
CVE-2018-9861
|
PHP:DRUPAL-CORE-2018-9861 | Moderately critical - Cross Site Scripting | medium |
2018-04-18T17:53:00
(6 years ago) |
|
Affected | >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.14 >= 8.2.0, < 8.3.0 >= 8.5.0, < 8.5.14 >= 7.0, < 7.65 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 |
CVE-2019-10909
|
PHP:DRUPAL-CORE-2019-10909 | Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005 | medium |
2019-04-17T22:31:00
(5 years ago) |
|
Affected | >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.67.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.16 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.1 |
CVE-2019-11831
|
PHP:DRUPAL-CORE-2019-11831 | Moderately critical - Third-party libraries - SA-CORE-2019-007 | critical |
2019-05-08T17:41:00
(5 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.11 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.8.0, < 8.8.1 >= 8.0.0, < 8.1.0 | PHP:DRUPAL-CORE-2019-12-18-1 | Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009 |
2019-12-18T08:55:00
(4 years ago) |
|||
Affected | >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.11 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.1 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 | PHP:DRUPAL-CORE-2019-12-18-2 | Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010 |
2019-12-18T08:55:00
(4 years ago) |
|||
Affected | >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.1 >= 8.7.0, < 8.7.11 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 | PHP:DRUPAL-CORE-2019-12-18-3 | Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011 |
2019-12-18T08:55:00
(4 years ago) |
|||
Affected | >= 8.8.0, < 8.8.1 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.11 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.69 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 | PHP:DRUPAL-CORE-2019-12-18-4 | Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012 |
2019-12-18T08:55:00
(4 years ago) |
|||
Affected | >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.6 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.5.9 >= 7.0.0, < 7.62.0 >= 8.4.0, < 8.5.0 |
CVE-2019-6338
|
PHP:DRUPAL-CORE-2019-6338 | Critical - Third Party Libraries | high |
2019-01-15T17:41:00
(5 years ago) |
|
Affected | >= 8.6.0, < 8.6.6 >= 8.3.0, < 8.4.0 >= 8.2.0, < 8.3.0 >= 8.0.0, < 8.1.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.9 >= 7.0.0, < 7.62.0 >= 8.1.0, < 8.2.0 |
CVE-2019-6339
|
PHP:DRUPAL-CORE-2019-6339 | Critical - Arbitrary PHP code execution | critical |
2019-01-15T17:41:00
(5 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.5.11 >= 7.0.0, < 7.62.0 >= 8.4.0, < 8.5.0 >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.6.10 |
CVE-2019-6340
|
PHP:DRUPAL-CORE-2019-6340 | Highly critical - Remote Code Execution | high |
2019-02-20T17:41:00
(5 years ago) |
|
Affected | >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.5.14 >= 7.0.0, < 7.65.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.6.13 >= 8.3.0, < 8.4.0 >= 8.0.0, < 8.1.0 |
CVE-2019-6341
|
PHP:DRUPAL-CORE-2019-6341 | Moderately critical - Cross Site Scripting - SA-CORE-2019-004 | medium |
2019-03-20T17:41:00
(5 years ago) |
|
Affected | > 8.7.3, < 8.7.5 |
CVE-2019-6342
|
PHP:DRUPAL-CORE-2019-6342 | Critical - Access bypass | critical |
2019-07-16T16:24:00
(5 years ago) |
|
Affected | >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.1.0, < 8.2.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.7.0, < 8.7.12 >= 8.2.0, < 8.3.0 >= 8.8.0, < 8.8.4 >= 8.0.0, < 8.1.0 | PHP:DRUPAL-CORE-2020-03-18 | Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001 |
2020-03-18T13:37:00
(4 years ago) |
|||
Affected | >= 7.0.0, < 7.70 | PHP:DRUPAL-CORE-2020-05-20-1 | Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003 |
2020-05-20T13:37:00
(4 years ago) |
|||
Affected | >= 8.8.0, < 8.8.11 >= 9.0.0, < 9.0.8 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.9.0, < 8.9.9 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.74 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 | PHP:DRUPAL-CORE-2020-11-25 | Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013 |
2020-11-18T18:02:00
(3 years ago) |
|||
Affected | >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.7.0, < 8.7.14 >= 8.2.0, < 8.3.0 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.6 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.70 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 |
CVE-2020-13662
|
PHP:DRUPAL-CORE-2020-13662 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002 | medium |
2020-05-20T13:37:00
(4 years ago) |
|
Affected | >= 9.0.0, < 9.0.1 >= 8.8.0, < 8.8.8 >= 8.0.0, < 8.1.0 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.9.0, < 8.9.1 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 7.0.0, < 7.72 >= 8.5.0, < 8.6.0 |
CVE-2020-13663
|
PHP:DRUPAL-CORE-2020-13663 | Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004 | high |
2020-06-17T13:56:00
(4 years ago) |
|
Affected | >= 9.0.0, < 9.0.1 >= 8.8.0, < 8.8.8 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.9.0, < 8.9.1 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 |
CVE-2020-13664
|
PHP:DRUPAL-CORE-2020-13664 | Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005 | high |
2020-06-17T13:56:00
(4 years ago) |
|
Affected | >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.0.1 >= 8.8.0, < 8.8.8 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.9.0, < 8.9.1 |
CVE-2020-13665
|
PHP:DRUPAL-CORE-2020-13665 | Drupal core - Less critical - Access bypass - SA-CORE-2020-006 | critical |
2020-06-17T13:56:00
(4 years ago) |
|
Affected | >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.0.6 >= 8.8.0, < 8.8.10 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.73 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.6 |
CVE-2020-13666
|
PHP:DRUPAL-CORE-2020-13666 | Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007 | medium |
2020-09-16T13:56:00
(4 years ago) |
|
Affected | >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.6 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 9.0.0, < 9.0.6 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.10 |
CVE-2020-13667
|
PHP:DRUPAL-CORE-2020-13667 | Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008 | medium |
2020-09-16T13:57:00
(4 years ago) |
|
Affected | >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.8.0, < 8.8.10 >= 9.0.0, < 9.0.6 >= 8.0.0, < 8.1.0 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.9.0, < 8.9.6 |
CVE-2020-13668
|
PHP:DRUPAL-CORE-2020-13668 | Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009 | medium |
2020-09-16T13:59:00
(4 years ago) |
|
Affected | >= 8.9.0, < 8.9.6 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 9.0.0, < 9.0.6 >= 8.0.0, < 8.1.0 >= 8.8.0, < 8.8.10 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 |
CVE-2020-13669
|
PHP:DRUPAL-CORE-2020-13669 | Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010 | medium |
2020-09-16T13:57:00
(4 years ago) |
|
Affected | >= 8.9.0, < 8.9.6 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.0.6 >= 8.8.0, < 8.8.10 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 |
CVE-2020-13670
|
PHP:DRUPAL-CORE-2020-13670 | Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011 | high |
2020-09-16T13:57:00
(4 years ago) |
|
Affected | >= 9.0.0, < 9.0.8 >= 8.8.0, < 8.8.11 >= 8.0.0, < 8.1.0 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.9.0, < 8.9.9 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.74 >= 8.4.0, < 8.5.0 |
CVE-2020-13671
|
PHP:DRUPAL-CORE-2020-13671 | Drupal core - Critical - Remote code execution - SA-CORE-2020-012 | high |
2020-11-18T18:02:00
(3 years ago) |
|
Affected | >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.80 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.14 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 9.1.0, < 9.1.7 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.8.0, < 8.9.0 >= 9.0.0, < 9.0.12 >= 8.0.0, < 8.1.0 |
CVE-2020-13672
|
PHP:DRUPAL-CORE-2020-13672 | Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002 | medium |
2021-04-21T18:02:00
(3 years ago) |
|
Affected | >= 8.9.0, < 8.9.16 >= 9.2.0, < 9.2.4 >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.0.0, < 8.1.0 >= 9.0.0, < 9.1.0 >= 8.8.0, < 8.9.0 >= 9.1.0, < 9.1.12 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.8.0 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 | PHP:DRUPAL-CORE-2021-05-26 | Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005 |
2021-08-12T18:02:00
(3 years ago) |
|||
Affected | >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 7.0.0, < 7.80 >= 8.1.0, < 8.2.0 >= 8.9.0, < 8.9.16 >= 8.6.0, < 8.7.0 >= 8.3.0, < 8.4.0 >= 9.1.0, < 9.1.9 >= 8.7.0, < 8.8.0 >= 8.2.0, < 8.3.0 >= 9.0.0, < 9.0.14 >= 8.8.0, < 8.9.0 >= 8.0.0, < 8.1.0 |
CVE-2021-33829
|
PHP:DRUPAL-CORE-2021-33829 | Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003 | medium |
2021-04-21T18:02:00
(3 years ago) |
|
Affected | >= 9.0.0, < 9.1.0 >= 9.2.0, < 9.3.0 >= 8.9.0, < 8.10.0 >= 9.3.0, < 9.3.19 >= 9.4.0, < 9.4.3 >= 7.0.0, < 7.91.0 >= 9.1.0, < 9.2.0 |
CVE-2022-25275
|
PHP:DRUPAL-CORE-2022-25275 | Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012 | high |
2022-07-20T18:00:00
(2 years ago) |
|
Affected | >= 9.0.0, < 9.1.0 >= 9.3.0, < 9.3.19 >= 8.9.0, < 8.10.0 >= 9.2.0, < 9.3.0 >= 9.4.0, < 9.4.3 >= 9.1.0, < 9.2.0 |
CVE-2022-25277
|
PHP:DRUPAL-CORE-2022-25277 | Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014 | high |
2022-07-20T18:00:00
(2 years ago) |
|
Affected | >= 8.0.0, < 9.3.19 >= 9.4.0, < 9.4.3 |
CVE-2022-25278
|
PHP:DRUPAL-CORE-2022-25278 | Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013 | medium |
2022-07-20T10:11:42
(2 years ago) |
|
Affected | >= 8.9.0, < 9.0.0 >= 9.1.0, < 9.2.0 >= 9.5.0, < 10.0.0 >= 8.7.0, < 8.8.0 >= 10.0.0, < 10.1.0 >= 9.4.0, < 9.5.0 >= 8.3.0, < 8.4.0 >= 9.3.0, < 9.4.0 >= 9.2.0, < 9.3.0 >= 8.6.0, < 8.7.0 >= 9.0.0, < 9.1.0 >= 8.4.0, < 8.5.0 >= 8.8.0, < 8.9.0 >= 8.2.0, < 8.3.0 >= 10.1.0, < 10.1.8 >= 8.5.0, < 8.6.0 >= 8.1.0, < 8.2.0 >= 10.2.0, < 10.2.2 >= 8.0.0, < 8.1.0 | PHP:DRUPAL-CORE-2024-01-17 | Drupal core - Moderately critical - Denial of Service |
2024-02-12T18:05:03
(7 months ago) |