Package impact

Packagist / drupal/core

CVE	Severity	CVSS	Risk	Published	Description
CVE-2020-13666	unknown	—	—	6y ago	Drupal Core Cross-site scripting vulnerability
CVE-2020-13665	unknown	—	—	6y ago	JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the `rea…
CVE-2020-13664	unknown	—	—	6y ago	Drupal Core Arbitrary PHP code execution vulnerability
CVE-2020-13663	unknown	—	—	6y ago	Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
CVE-2019-10909	unknown	—	—	7y ago	In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th…
CVE-2017-6923	unknown	—	—	7y ago	Missing Authorization in Drupal
CVE-2019-6342	unknown	—	—	7y ago	Drupal Improper Access Control
CVE-2019-11831	unknown	—	—	7y ago	Directory Traversal in typo3/phar-stream-wrapper
CVE-2019-6341	unknown	—	—	7y ago	Drupal Cross Site Scripting (XSS) vulnerability
CVE-2019-6339	unknown	—	—	8y ago	Arbitrary PHP code execution in Drupal
CVE-2019-6338	unknown	—	—	8y ago	Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data