Package impact

Packagist / drupal/core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2016-6211	high	8.8	8.8	10y ago	Drupal Saving user accounts can sometimes grant the user all roles
CVE-2017-6381	high	8.1	8.1	9y ago	Drupal Remote code execution
CVE-2016-5385	high	8.1	8.1	10y ago	HTTP Proxy header vulnerability	+1
CVE-2016-3171	high	8.1	8.1	10y ago	Drupal arbitrary code execution
CVE-2016-3169	high	8.1	8.1	10y ago	Drupal saving user accounts can sometimes grant the user all roles
CVE-2016-3162	high	8.1	8.1	10y ago	Drupal File upload access bypass and denial of service
CVE-2020-13675	high	—	8.0	5y ago	Unrestricted Upload of File with Dangerous Type in Drupal core
CVE-2020-13673	high	—	8.0	5y ago	The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i…
CVE-2020-13677	high	—	8.0	5y ago	Drupal core access bypass vulnerability
CVE-2020-13676	high	—	8.0	5y ago	Incorrect Authorization in Drupal core
CVE-2020-13674	high	—	8.0	5y ago	Cross-Site Request Forgery in Drupal core
CVE-2021-33829	high	—	8.0	5y ago	ckeditor4 vulnerable to cross-site scripting	+1
CVE-2017-6919	high	7.5	7.5	9y ago	Drupal access control bypass vulnerability
CVE-2017-6379	high	7.5	7.5	9y ago	Drupal Cross-Site Request Forgery (CSRF)
CVE-2017-6377	high	7.5	7.5	9y ago	Drupal editor module incorrectly checks access to inline private files
CVE-2016-9450	high	7.5	7.5	10y ago	Drupal Incorrect cache context on password reset page
CVE-2016-3165	high	7.5	7.5	10y ago	Drupal Form API ignores access restrictions on submit buttons
CVE-2016-3163	high	7.5	7.5	10y ago	Drupal Brute force amplification attacks via XML-RPC
CVE-2011-2687	high	—	7.5	15y ago	Drupal Access Control Bypass
CVE-2016-3167	high	7.4	7.4	10y ago	Drupal Open redirect vulnerability in the drupal_goto function
CVE-2016-3164	high	7.4	7.4	10y ago	Drupal Open Redirect