Package impact

Packagist / drupal/drupal

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2018-7602	critical	—	10.0				8y ago	A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
CVE-2018-7600	critical	—	10.0				8y ago	Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
CVE-2020-13672	critical	—	9.5				5y ago	Drupal core Cross-site Scripting (XSS) vulnerability
CVE-2016-6211	high	8.8	8.8				10y ago	Drupal Saving user accounts can sometimes grant the user all roles
CVE-2017-6381	high	8.1	8.1				9y ago	Drupal Remote code execution
CVE-2016-3171	high	8.1	8.1				10y ago	Drupal arbitrary code execution
CVE-2016-3169	high	8.1	8.1				10y ago	Drupal saving user accounts can sometimes grant the user all roles
CVE-2016-3162	high	8.1	8.1				10y ago	Drupal File upload access bypass and denial of service
CVE-2021-33829	high	—	8.0				5y ago	ckeditor4 vulnerable to cross-site scripting
CVE-2017-6919	high	7.5	7.5				9y ago	Drupal access control bypass vulnerability
CVE-2017-6379	high	7.5	7.5				9y ago	Drupal Cross-Site Request Forgery (CSRF)
CVE-2017-6377	high	7.5	7.5				9y ago	Drupal editor module incorrectly checks access to inline private files
CVE-2016-9450	high	7.5	7.5				10y ago	Drupal Incorrect cache context on password reset page
CVE-2016-3165	high	7.5	7.5				10y ago	Drupal Form API ignores access restrictions on submit buttons
CVE-2016-3163	high	7.5	7.5				10y ago	Drupal Brute force amplification attacks via XML-RPC
CVE-2016-3167	high	7.4	7.4				10y ago	Drupal Open redirect vulnerability in the drupal_goto function
CVE-2016-3164	high	7.4	7.4				10y ago	Drupal Open Redirect
CVE-2010-3094	low	—	2.1				16y ago	Drupal cross-site scripting vulnerability via actions feature and trigger module