{"advisories":{"drupal\/core":[{"advisoryId":"PKSA-d8tb-wwz2-ctxk","packageName":"drupal\/core","remoteId":"GHSA-mhpg-hpj5-73r2","title":"Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels","link":"https:\/\/github.com\/advisories\/GHSA-mhpg-hpj5-73r2","cve":"CVE-2025-13083","affectedVersions":"\u003E=7.0,\u003C7.103|\u003E=11.2.0,\u003C11.2.8|\u003E=11.0.0,\u003C11.1.9|\u003E=10.5.0,\u003C10.5.6|\u003E=8.0.0,\u003C10.4.9","source":"GitHub","reportedAt":"2025-11-18 18:32:53","composerRepository":"https:\/\/packagist.org","severity":"low","sources":[{"name":"GitHub","remoteId":"GHSA-mhpg-hpj5-73r2"}]},{"advisoryId":"PKSA-dh1f-zjm5-qg8y","packageName":"drupal\/core","remoteId":"GHSA-h89p-5896-f4q8","title":"Drupal core allows Content Spoofing","link":"https:\/\/github.com\/advisories\/GHSA-h89p-5896-f4q8","cve":"CVE-2025-13082","affectedVersions":"\u003E=11.2.0,\u003C11.2.8|\u003E=11.0.0,\u003C11.1.9|\u003E=10.5.0,\u003C10.5.6|\u003E=8.0.0,\u003C10.4.9","source":"GitHub","reportedAt":"2025-11-18 18:32:53","composerRepository":"https:\/\/packagist.org","severity":"low","sources":[{"name":"GitHub","remoteId":"GHSA-h89p-5896-f4q8"}]},{"advisoryId":"PKSA-bn52-vyzy-rmnm","packageName":"drupal\/core","remoteId":"GHSA-83v7-c2cf-p9c2","title":"Drupal core allows Forceful Browsing","link":"https:\/\/github.com\/advisories\/GHSA-83v7-c2cf-p9c2","cve":"CVE-2025-13080","affectedVersions":"\u003E=11.2.0,\u003C11.2.8|\u003E=11.0.0,\u003C11.1.9|\u003E=10.5.0,\u003C10.5.6|\u003E=8.0.0,\u003C10.4.9","source":"GitHub","reportedAt":"2025-11-18 18:32:53","composerRepository":"https:\/\/packagist.org","severity":"low","sources":[{"name":"GitHub","remoteId":"GHSA-83v7-c2cf-p9c2"}]},{"advisoryId":"PKSA-xj83-g6g8-41vf","packageName":"drupal\/core","remoteId":"GHSA-m6vv-vcj8-w8m7","title":"Drupal core allows Object Injection","link":"https:\/\/github.com\/advisories\/GHSA-m6vv-vcj8-w8m7","cve":"CVE-2025-13081","affectedVersions":"\u003E=11.2.0,\u003C11.2.8|\u003E=11.0.0,\u003C11.1.9|\u003E=10.5.0,\u003C10.5.6|\u003E=8.0.0,\u003C10.4.9","source":"GitHub","reportedAt":"2025-11-18 18:32:53","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-m6vv-vcj8-w8m7"}]},{"advisoryId":"PKSA-s1zc-gcfk-ddw5","packageName":"drupal\/core","remoteId":"GHSA-39g6-x4x8-5jcm","title":"Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages","link":"https:\/\/github.com\/advisories\/GHSA-39g6-x4x8-5jcm","cve":"CVE-2025-3057","affectedVersions":"\u003E=11.1.0,\u003C11.1.3|\u003E=11.0.0,\u003C11.0.12|\u003E=10.4.0,\u003C10.4.3|\u003E=8.0.0,\u003C10.3.13","source":"GitHub","reportedAt":"2025-04-01 00:30:35","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-39g6-x4x8-5jcm"}]},{"advisoryId":"PKSA-ctyc-dmct-npkz","packageName":"drupal\/core","remoteId":"GHSA-2qph-q8xw-gv7q","title":"Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-2qph-q8xw-gv7q","cve":"CVE-2025-31674","affectedVersions":"\u003E=11.1.0,\u003C11.1.3|\u003E=11.0.0,\u003C11.0.12|\u003E=10.4.0,\u003C10.4.3|\u003E=8.0.0,\u003C10.3.13","source":"GitHub","reportedAt":"2025-04-01 00:30:33","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-2qph-q8xw-gv7q"}]},{"advisoryId":"PKSA-42zc-x5ss-z64p","packageName":"drupal\/core","remoteId":"GHSA-m4wj-hhwj-47qp","title":"Drupal Core Cross-Site Scripting (XSS) Vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-m4wj-hhwj-47qp","cve":"CVE-2025-31675","affectedVersions":"\u003E=11.1.0,\u003C11.1.5|\u003E=11.0.0,\u003C11.0.13|\u003E=10.4.0,\u003C10.4.5|\u003E=8.0.0,\u003C10.3.14","source":"GitHub","reportedAt":"2025-04-01 00:30:33","composerRepository":"https:\/\/packagist.org","severity":"low","sources":[{"name":"GitHub","remoteId":"GHSA-m4wj-hhwj-47qp"}]},{"advisoryId":"PKSA-s6zc-mws4-ngh4","packageName":"drupal\/core","remoteId":"GHSA-wpp8-fjgf-pwc7","title":"Drupal Core Vulnerable to Forceful Browsing","link":"https:\/\/github.com\/advisories\/GHSA-wpp8-fjgf-pwc7","cve":"CVE-2025-31673","affectedVersions":"\u003E=11.1.0,\u003C11.1.3|\u003E=11.0.0,\u003C11.0.12|\u003E=10.4.0,\u003C10.4.3|\u003E=8.0.0,\u003C10.3.13","source":"GitHub","reportedAt":"2025-04-01 00:30:33","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-wpp8-fjgf-pwc7"}]},{"advisoryId":"PKSA-xd2s-f2mt-7tf3","packageName":"drupal\/core","remoteId":"GHSA-gvf2-2f4g-jqf4","title":"Drupal core contains a potential PHP Object Injection vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-gvf2-2f4g-jqf4","cve":"CVE-2024-55638","affectedVersions":"\u003E=7.0,\u003C7.102|\u003E=10.3.0,\u003C10.3.9|\u003E=8.8.0,\u003C10.2.11","source":"GitHub","reportedAt":"2024-12-10 00:31:27","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-gvf2-2f4g-jqf4"}]},{"advisoryId":"PKSA-g51h-n1x3-mszr","packageName":"drupal\/core","remoteId":"GHSA-w6rx-9g2x-mg5g","title":"Drupal core contains a potential PHP Object Injection vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-w6rx-9g2x-mg5g","cve":"CVE-2024-55637","affectedVersions":"\u003E=11.0.0,\u003C11.0.8|\u003E=10.3.0,\u003C10.3.9|\u003E=8.8.0,\u003C10.2.11","source":"GitHub","reportedAt":"2024-12-10 00:31:27","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-w6rx-9g2x-mg5g"}]},{"advisoryId":"PKSA-jthw-vxjy-kxnx","packageName":"drupal\/core","remoteId":"GHSA-938f-5r4f-h65v","title":"Drupal core contains a potential PHP Object Injection vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-938f-5r4f-h65v","cve":"CVE-2024-55636","affectedVersions":"\u003E=11.0.0,\u003C11.0.8|\u003E=10.3.0,\u003C10.3.9|\u003E=8.8.0,\u003C10.2.11","source":"GitHub","reportedAt":"2024-12-10 00:31:27","composerRepository":"https:\/\/packagist.org","severity":"low","sources":[{"name":"GitHub","remoteId":"GHSA-938f-5r4f-h65v"}]},{"advisoryId":"PKSA-ts55-c66h-g96n","packageName":"drupal\/core","remoteId":"GHSA-7cwc-fjqm-8vh8","title":"Drupal core Access bypass","link":"https:\/\/github.com\/advisories\/GHSA-7cwc-fjqm-8vh8","cve":"CVE-2024-55634","affectedVersions":"\u003E=11.0.0,\u003C11.0.8|\u003E=10.3.0,\u003C10.3.9|\u003E=8.0.0,\u003C10.2.11","source":"GitHub","reportedAt":"2024-12-10 00:31:27","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-7cwc-fjqm-8vh8"}]},{"advisoryId":"PKSA-yjvc-rnsz-8n3c","packageName":"drupal\/core","remoteId":"GHSA-8mvq-8h2v-j9vf","title":"Drupal Core Cross-Site Scripting (XSS)","link":"https:\/\/github.com\/advisories\/GHSA-8mvq-8h2v-j9vf","cve":"CVE-2024-12393","affectedVersions":"\u003E=11.0.0,\u003C11.0.8|\u003E=10.3.0,\u003C10.3.9|\u003E=8.8.0,\u003C10.2.11","source":"GitHub","reportedAt":"2024-12-10 00:31:26","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-8mvq-8h2v-j9vf"}]},{"advisoryId":"PKSA-q8r5-cgs2-dxxk","packageName":"drupal\/core","remoteId":"GHSA-xq54-x54m-vcpx","title":"Drupal core Denial of Service","link":"https:\/\/github.com\/advisories\/GHSA-xq54-x54m-vcpx","cve":"CVE-2024-11941","affectedVersions":"\u003E=10.2.0,\u003C10.2.2|\u003E=10.1.0,\u003C10.1.8","source":"GitHub","reportedAt":"2024-12-05 15:31:02","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-xq54-x54m-vcpx"}]},{"advisoryId":"PKSA-mh8z-kh9f-vv4z","packageName":"drupal\/core","remoteId":"GHSA-52jr-x6h6-xj6g","title":"Drupal core vulnerable to improper error handling","link":"https:\/\/github.com\/advisories\/GHSA-52jr-x6h6-xj6g","cve":"CVE-2024-11942","affectedVersions":"\u003E=10.0.0,\u003C10.2.10","source":"GitHub","reportedAt":"2024-12-05 15:31:02","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-52jr-x6h6-xj6g"}]},{"advisoryId":"PKSA-styk-3knc-d1bt","packageName":"drupal\/core","remoteId":"GHSA-mg8j-w93w-xjgc","title":"Drupal Full Path Disclosure","link":"https:\/\/github.com\/advisories\/GHSA-mg8j-w93w-xjgc","cve":"CVE-2024-45440","affectedVersions":"\u003E=8.0.0,\u003C10.2.9|\u003E=10.3.0,\u003C10.3.6|\u003E=11.0.0,\u003C11.0.5","source":"GitHub","reportedAt":"2024-08-29 12:31:05","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-mg8j-w93w-xjgc"}]},{"advisoryId":"PKSA-2gfj-5sh8-j3c5","packageName":"drupal\/core","remoteId":"drupal\/core\/2024-01-17.yaml","title":"Drupal core - Moderately critical - Denial of Service","link":"https:\/\/www.drupal.org\/sa-core-2024-001","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.9.0|\u003E=8.9.0,\u003C9.0.0|\u003E=9.0.0,\u003C9.1.0|\u003E=9.1.0,\u003C9.2.0|\u003E=9.2.0,\u003C9.3.0|\u003E=9.3.0,\u003C9.4.0|\u003E=9.4.0,\u003C9.5.0|\u003E=9.5.0,\u003C10.0.0|\u003E=10.0.0,\u003C10.1.0|\u003E=10.1.0,\u003C10.1.8|\u003E=10.2.0,\u003C10.2.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2024-01-17 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2024-01-17.yaml"},{"name":"GitHub","remoteId":"GHSA-f84q-mgj9-8jfc"}]},{"advisoryId":"PKSA-qvwm-3y4s-nttg","packageName":"drupal\/core","remoteId":"GHSA-62cf-jvpp-48q6","title":"Drupal Denial of Service vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-62cf-jvpp-48q6","cve":"CVE-2024-22362","affectedVersions":"=9.3.6","source":"GitHub","reportedAt":"2024-01-16 06:30:30","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-62cf-jvpp-48q6"}]},{"advisoryId":"PKSA-my7h-svxh-5q3g","packageName":"drupal\/core","remoteId":"GHSA-rjqg-3h9m-fx5x","title":"Cache poisoning in drupal\/core","link":"https:\/\/github.com\/advisories\/GHSA-rjqg-3h9m-fx5x","cve":"CVE-2023-5256","affectedVersions":"\u003E=10.1.0,\u003C10.1.4|\u003E=10.0.0,\u003C10.0.11|\u003E=8.7.0,\u003C9.5.11","source":"GitHub","reportedAt":"2023-09-28 21:30:58","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"GitHub","remoteId":"GHSA-rjqg-3h9m-fx5x"}]},{"advisoryId":"PKSA-h7d4-5mdz-2965","packageName":"drupal\/core","remoteId":"GHSA-8849-cv9f-vccm","title":"Access bypass in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-8849-cv9f-vccm","cve":"CVE-2023-31250","affectedVersions":"\u003E=7.0.0,\u003C7.96|\u003E=9.0.0,\u003C9.4.14|\u003E=9.5.0,\u003C9.5.8|\u003E=10.0.0,\u003C10.0.8","source":"GitHub","reportedAt":"2023-04-26 21:30:37","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"GitHub","remoteId":"GHSA-8849-cv9f-vccm"}]},{"advisoryId":"PKSA-fpcy-trdp-tpy2","packageName":"drupal\/core","remoteId":"GHSA-g36h-4jr6-qmm9","title":"Improper input validation in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-g36h-4jr6-qmm9","cve":"CVE-2022-25273","affectedVersions":"\u003E=9.3.0,\u003C9.3.12|\u003E=8.0.0,\u003C9.2.18","source":"GitHub","reportedAt":"2023-04-26 15:30:21","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-g36h-4jr6-qmm9"}]},{"advisoryId":"PKSA-zbq2-x219-h8gz","packageName":"drupal\/core","remoteId":"GHSA-7jr4-hgqx-vwgq","title":"Access bypass in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-7jr4-hgqx-vwgq","cve":"CVE-2022-25274","affectedVersions":"\u003E=9.3.0,\u003C9.3.12","source":"GitHub","reportedAt":"2023-04-26 15:30:21","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-7jr4-hgqx-vwgq"}]},{"advisoryId":"PKSA-4j5n-cxxv-ptjc","packageName":"drupal\/core","remoteId":"GHSA-4wfq-jc9h-vpcx","title":"Lack of domain validation in Druple core","link":"https:\/\/github.com\/advisories\/GHSA-4wfq-jc9h-vpcx","cve":"CVE-2022-25276","affectedVersions":"\u003E=9.4.0,\u003C9.4.3|\u003E=8.0.0,\u003C9.3.19","source":"GitHub","reportedAt":"2023-04-26 15:30:21","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-4wfq-jc9h-vpcx"}]},{"advisoryId":"PKSA-7q72-qds7-4xyv","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2022-25277.yaml","title":"Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014","link":"https:\/\/www.drupal.org\/sa-core-2022-014","cve":"CVE-2022-25277","affectedVersions":"\u003E=8.9.0,\u003C8.10.0|\u003E=9.0.0,\u003C9.1.0|\u003E=9.1.0,\u003C9.2.0|\u003E=9.2.0,\u003C9.3.0|\u003E=9.3.0,\u003C9.3.19|\u003E=9.4.0,\u003C9.4.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-07-20 18:00:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2022-25277.yaml"},{"name":"GitHub","remoteId":"GHSA-6955-67hm-vjjq"}]},{"advisoryId":"PKSA-hy6y-p19f-b5kf","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2022-25275.yaml","title":"Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012","link":"https:\/\/www.drupal.org\/sa-core-2022-012","cve":"CVE-2022-25275","affectedVersions":"\u003E=7.0.0,\u003C7.91.0|\u003E=8.9.0,\u003C8.10.0|\u003E=9.0.0,\u003C9.1.0|\u003E=9.1.0,\u003C9.2.0|\u003E=9.2.0,\u003C9.3.0|\u003E=9.3.0,\u003C9.3.19|\u003E=9.4.0,\u003C9.4.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-07-20 18:00:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2022-25275.yaml"},{"name":"GitHub","remoteId":"GHSA-xh3v-6f9j-wxw3"}]},{"advisoryId":"PKSA-gkkw-qh7h-5181","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2022-25278.yaml","title":"Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013","link":"https:\/\/www.drupal.org\/sa-core-2022-013","cve":"CVE-2022-25278","affectedVersions":"\u003E=8.0.0,\u003C9.3.19|\u003E=9.4.0,\u003C9.4.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2022-07-20 10:11:30","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2022-25278.yaml"},{"name":"GitHub","remoteId":"GHSA-cfh2-7f6h-3m85"}]},{"advisoryId":"PKSA-cp8p-f15s-htbt","packageName":"drupal\/core","remoteId":"GHSA-qf2g-mrrx-rr5p","title":"Drupal Core Cross-site scripting vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-qf2g-mrrx-rr5p","cve":"CVE-2020-13688","affectedVersions":"\u003E=9.0.0,\u003C9.0.6|\u003E=8.9.0,\u003C8.9.6|\u003E=8.8.0,\u003C8.8.10","source":"GitHub","reportedAt":"2022-05-24 19:05:11","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-qf2g-mrrx-rr5p"}]},{"advisoryId":"PKSA-68wn-mr94-31fx","packageName":"drupal\/core","remoteId":"GHSA-96vx-qf28-6f8m","title":"Drupal Access Control Bypass","link":"https:\/\/github.com\/advisories\/GHSA-96vx-qf28-6f8m","cve":"CVE-2011-2687","affectedVersions":"\u003E=7.0,\u003C7.3","source":"GitHub","reportedAt":"2022-05-17 04:08:31","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-96vx-qf28-6f8m"}]},{"advisoryId":"PKSA-qstq-fjvw-qh5n","packageName":"drupal\/core","remoteId":"GHSA-66gr-xrcf-8jpq","title":"Drupal Open Redirect","link":"https:\/\/github.com\/advisories\/GHSA-66gr-xrcf-8jpq","cve":"CVE-2016-9451","affectedVersions":"\u003E=8.0,\u003C8.2.3|\u003E=7.0,\u003C7.52","source":"GitHub","reportedAt":"2022-05-17 03:05:27","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-66gr-xrcf-8jpq"}]},{"advisoryId":"PKSA-5r5b-6tcy-jmyg","packageName":"drupal\/core","remoteId":"GHSA-hcq9-hmgf-6qr9","title":"Drupal SQL Injection vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-hcq9-hmgf-6qr9","cve":"CVE-2011-2715","affectedVersions":"=6.20","source":"GitHub","reportedAt":"2022-04-22 00:24:21","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"GitHub","remoteId":"GHSA-hcq9-hmgf-6qr9"}]},{"advisoryId":"PKSA-zw1x-xjv3-n4kr","packageName":"drupal\/core","remoteId":"GHSA-qp8q-gwf5-hqh2","title":"Drupal Cross-Site Scripting vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-qp8q-gwf5-hqh2","cve":"CVE-2011-2714","affectedVersions":"=6.20","source":"GitHub","reportedAt":"2022-04-22 00:24:21","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-qp8q-gwf5-hqh2"}]},{"advisoryId":"PKSA-72rg-qbp7-873g","packageName":"drupal\/core","remoteId":"GHSA-fmfv-x8mp-5767","title":"Improper input validation in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-fmfv-x8mp-5767","cve":"CVE-2022-25271","affectedVersions":"\u003E=7.0.0,\u003C7.88|\u003E=8.0.0,\u003C9.2.13|\u003E=9.3.0,\u003C9.3.6","source":"GitHub","reportedAt":"2022-02-18 00:00:37","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-fmfv-x8mp-5767"}]},{"advisoryId":"PKSA-2tvs-gcpz-cmm6","packageName":"drupal\/core","remoteId":"GHSA-73q4-j324-2qcc","title":"Incorrect authorization in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-73q4-j324-2qcc","cve":"CVE-2022-25270","affectedVersions":"\u003E=8.0.0,\u003C9.2.13|\u003E=9.3.0,\u003C9.3.6","source":"GitHub","reportedAt":"2022-02-18 00:00:36","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-73q4-j324-2qcc"}]},{"advisoryId":"PKSA-46zx-gs68-q4zv","packageName":"drupal\/core","remoteId":"GHSA-v8wr-r69p-mmwx","title":"Unrestricted Upload of File with Dangerous Type in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-v8wr-r69p-mmwx","cve":"CVE-2020-13675","affectedVersions":"\u003E=8.0.0,\u003C8.9.19|\u003E=9.2.0,\u003C9.2.6|\u003E=9.1.0,\u003C9.1.13","source":"GitHub","reportedAt":"2022-02-12 00:00:47","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"GitHub","remoteId":"GHSA-v8wr-r69p-mmwx"}]},{"advisoryId":"PKSA-4q53-3jd6-45wg","packageName":"drupal\/core","remoteId":"GHSA-j586-cj67-vg4p","title":"Cross-Site Request Forgery in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-j586-cj67-vg4p","cve":"CVE-2020-13674","affectedVersions":"\u003E=8.0.0,\u003C8.9.19|\u003E=9.2.0,\u003C9.2.6|\u003E=9.1.0,\u003C9.1.13","source":"GitHub","reportedAt":"2022-02-12 00:00:47","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-j586-cj67-vg4p"}]},{"advisoryId":"PKSA-njy4-5vnq-bx5f","packageName":"drupal\/core","remoteId":"GHSA-3xr3-phjp-g6p2","title":"Drupal core access bypass vulnerability","link":"https:\/\/github.com\/advisories\/GHSA-3xr3-phjp-g6p2","cve":"CVE-2020-13677","affectedVersions":"\u003E=9.2.0,\u003C9.2.6|\u003E=9.1.0,\u003C9.1.13|\u003E=8.0.0,\u003C8.9.19","source":"GitHub","reportedAt":"2022-02-12 00:00:46","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"GitHub","remoteId":"GHSA-3xr3-phjp-g6p2"}]},{"advisoryId":"PKSA-s6ck-qn9j-xnqf","packageName":"drupal\/core","remoteId":"GHSA-qfhg-m6r8-xxpj","title":"Incorrect Authorization in Drupal core","link":"https:\/\/github.com\/advisories\/GHSA-qfhg-m6r8-xxpj","cve":"CVE-2020-13676","affectedVersions":"\u003E=8.0.0,\u003C8.9.19|\u003E=9.2.0,\u003C9.2.6|\u003E=9.1.0,\u003C9.1.13","source":"GitHub","reportedAt":"2022-02-12 00:00:46","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"GitHub","remoteId":"GHSA-qfhg-m6r8-xxpj"}]},{"advisoryId":"PKSA-6dxs-yv9z-8twp","packageName":"drupal\/core","remoteId":"drupal\/core\/2021-05-26.yaml","title":"Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005","link":"https:\/\/www.drupal.org\/sa-core-2021-005","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.9.0|\u003E=8.9.0,\u003C8.9.16|\u003E=9.0.0,\u003C9.1.0|\u003E=9.1.0,\u003C9.1.12|\u003E=9.2.0,\u003C9.2.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2021-05-26 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2021-05-26.yaml"},{"name":"GitHub","remoteId":"GHSA-7f4f-p7mq-p4fv"}]},{"advisoryId":"PKSA-bc4x-jnrh-4k6w","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2021-33829.yaml","title":"Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003","link":"https:\/\/www.drupal.org\/sa-core-2021-003","cve":"CVE-2021-33829","affectedVersions":"\u003E=7.0.0,\u003C7.80|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.9.0|\u003E=8.9.0,\u003C8.9.16|\u003E=9.0.0,\u003C9.0.14|\u003E=9.1.0,\u003C9.1.9","source":"FriendsOfPHP\/security-advisories","reportedAt":"2021-04-21 18:02:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2021-33829.yaml"},{"name":"GitHub","remoteId":"GHSA-rgx6-rjj4-c388"}]},{"advisoryId":"PKSA-7zvx-63nf-7nkj","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13672.yaml","title":"Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002","link":"https:\/\/www.drupal.org\/sa-core-2021-002","cve":"CVE-2020-13672","affectedVersions":"\u003E=7.0.0,\u003C7.80|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.9.0|\u003E=8.9.0,\u003C8.9.14|\u003E=9.0.0,\u003C9.0.12|\u003E=9.1.0,\u003C9.1.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2021-04-21 18:02:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13672.yaml"},{"name":"GitHub","remoteId":"GHSA-3m36-mjwj-352c"}]},{"advisoryId":"PKSA-kjgx-r4v3-961f","packageName":"drupal\/core","remoteId":"drupal\/core\/2020-11-25.yaml","title":"Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013","link":"https:\/\/www.drupal.org\/sa-core-2020-013","cve":null,"affectedVersions":"\u003E=7.0.0,\u003C7.74|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.11|\u003E=8.9.0,\u003C8.9.9|\u003E=9.0.0,\u003C9.0.8","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-11-25 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2020-11-25.yaml"},{"name":"GitHub","remoteId":"GHSA-gfvf-2f25-f34r"}]},{"advisoryId":"PKSA-77t6-rxnw-bfjm","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13671.yaml","title":"Drupal core - Critical - Remote code execution - SA-CORE-2020-012","link":"https:\/\/www.drupal.org\/sa-core-2020-012","cve":"CVE-2020-13671","affectedVersions":"\u003E=7.0.0,\u003C7.74|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.11|\u003E=8.9.0,\u003C8.9.9|\u003E=9.0.0,\u003C9.0.8","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-11-18 18:02:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13671.yaml"},{"name":"GitHub","remoteId":"GHSA-68jc-v27h-vhmw"}]},{"advisoryId":"PKSA-jknr-sjbw-zn24","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13667.yaml","title":"Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008","link":"https:\/\/www.drupal.org\/sa-core-2020-008","cve":"CVE-2020-13667","affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.10|\u003E=8.9.0,\u003C8.9.6|\u003E=9.0.0,\u003C9.0.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-09-16 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13667.yaml"},{"name":"GitHub","remoteId":"GHSA-x2q9-r8gm-f657"}]},{"advisoryId":"PKSA-1k26-dn58-yzpc","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13668.yaml","title":"Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009","link":"https:\/\/www.drupal.org\/sa-core-2020-009","cve":"CVE-2020-13668","affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.10|\u003E=8.9.0,\u003C8.9.6|\u003E=9.0.0,\u003C9.0.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-09-16 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13668.yaml"},{"name":"GitHub","remoteId":"GHSA-m6q5-wv4x-fv6h"}]},{"advisoryId":"PKSA-69gr-9b59-5f99","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13669.yaml","title":"Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010","link":"https:\/\/www.drupal.org\/sa-core-2020-010","cve":"CVE-2020-13669","affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.10|\u003E=8.9.0,\u003C8.9.6|\u003E=9.0.0,\u003C9.0.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-09-16 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13669.yaml"},{"name":"GitHub","remoteId":"GHSA-c533-c843-67h8"}]},{"advisoryId":"PKSA-c6qk-kgrx-8q42","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13666.yaml","title":"Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007","link":"https:\/\/www.drupal.org\/sa-core-2020-007","cve":"CVE-2020-13666","affectedVersions":"\u003E=7.0.0,\u003C7.73|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.10|\u003E=8.9.0,\u003C8.9.6|\u003E=9.0.0,\u003C9.0.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-09-16 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13666.yaml"},{"name":"GitHub","remoteId":"GHSA-8jj2-x2gc-ggm7"}]},{"advisoryId":"PKSA-ggc3-34xd-zmzd","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13670.yaml","title":"Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011","link":"https:\/\/www.drupal.org\/sa-core-2020-011","cve":"CVE-2020-13670","affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.10|\u003E=8.9.0,\u003C8.9.6|\u003E=9.0.0,\u003C9.0.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-09-16 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13670.yaml"},{"name":"GitHub","remoteId":"GHSA-mmjr-5q74-p3m4"}]},{"advisoryId":"PKSA-j215-hxck-vk25","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13663.yaml","title":"Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004","link":"https:\/\/www.drupal.org\/sa-core-2020-004","cve":"CVE-2020-13663","affectedVersions":"\u003E=7.0.0,\u003C7.72|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.8|\u003E=8.9.0,\u003C8.9.1|\u003E=9.0.0,\u003C9.0.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-06-17 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13663.yaml"},{"name":"GitHub","remoteId":"GHSA-m648-hpf8-qcjw"}]},{"advisoryId":"PKSA-jkzg-rr1r-vmvy","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13664.yaml","title":"Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005","link":"https:\/\/www.drupal.org\/sa-core-2020-005","cve":"CVE-2020-13664","affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.8|\u003E=8.9.0,\u003C8.9.1|\u003E=9.0.0,\u003C9.0.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-06-17 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13664.yaml"},{"name":"GitHub","remoteId":"GHSA-x72f-ggjw-v5xh"}]},{"advisoryId":"PKSA-5wmm-s575-4sjg","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13665.yaml","title":"Drupal core - Less critical - Access bypass - SA-CORE-2020-006","link":"https:\/\/www.drupal.org\/sa-core-2020-006","cve":"CVE-2020-13665","affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.8.0|\u003E=8.8.0,\u003C8.8.8|\u003E=8.9.0,\u003C8.9.1|\u003E=9.0.0,\u003C9.0.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-06-17 13:56:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13665.yaml"},{"name":"GitHub","remoteId":"GHSA-wxqp-jwc9-g39x"}]},{"advisoryId":"PKSA-yxnf-v37t-gh27","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2020-13662.yaml","title":"Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002","link":"https:\/\/www.drupal.org\/sa-core-2020-002","cve":"CVE-2020-13662","affectedVersions":"\u003E=7.0.0,\u003C7.70|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.7.14|\u003E=8.8.0,\u003C8.8.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-05-20 13:37:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2020-13662.yaml"},{"name":"GitHub","remoteId":"GHSA-gjqg-9rhv-qj67"}]},{"advisoryId":"PKSA-fgjt-rhbh-zczj","packageName":"drupal\/core","remoteId":"drupal\/core\/2020-05-20-1.yaml","title":"Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003","link":"https:\/\/www.drupal.org\/sa-core-2020-003","cve":null,"affectedVersions":"\u003E=7.0.0,\u003C7.70","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-05-20 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2020-05-20-1.yaml"},{"name":"GitHub","remoteId":"GHSA-v273-j5hq-26xp"}]},{"advisoryId":"PKSA-rb2t-qsk8-f792","packageName":"drupal\/core","remoteId":"drupal\/core\/2020-03-18.yaml","title":"Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001","link":"https:\/\/www.drupal.org\/sa-core-2020-001","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.7.12|\u003E=8.8.0,\u003C8.8.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2020-03-18 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2020-03-18.yaml"},{"name":"GitHub","remoteId":"GHSA-mh4h-27gq-cxwj"}]},{"advisoryId":"PKSA-vcbr-zg2g-wfsp","packageName":"drupal\/core","remoteId":"drupal\/core\/2019-12-18-3.yaml","title":"Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011","link":"https:\/\/www.drupal.org\/sa-core-2019-011","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.7.11|\u003E=8.8.0,\u003C8.8.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-12-18 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2019-12-18-3.yaml"},{"name":"GitHub","remoteId":"GHSA-6mgp-v5cm-ghg5"}]},{"advisoryId":"PKSA-n8hw-tywm-xrh7","packageName":"drupal\/core","remoteId":"drupal\/core\/2019-12-18-1.yaml","title":"Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009","link":"https:\/\/www.drupal.org\/sa-core-2019-009","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.7.11|\u003E=8.8.0,\u003C8.8.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-12-18 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2019-12-18-1.yaml"},{"name":"GitHub","remoteId":"GHSA-7v68-3pr5-h3cr"}]},{"advisoryId":"PKSA-mw8j-f3jc-m8zf","packageName":"drupal\/core","remoteId":"drupal\/core\/2019-12-18-4.yaml","title":"Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012","link":"https:\/\/www.drupal.org\/sa-core-2019-012","cve":null,"affectedVersions":"\u003E=7.0.0,\u003C7.69|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.7.11|\u003E=8.8.0,\u003C8.8.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-12-18 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2019-12-18-4.yaml"},{"name":"GitHub","remoteId":"GHSA-pr99-c33p-fwf6"}]},{"advisoryId":"PKSA-xv6s-sqg3-tq2g","packageName":"drupal\/core","remoteId":"drupal\/core\/2019-12-18-2.yaml","title":"Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010","link":"https:\/\/www.drupal.org\/sa-core-2019-010","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.7.0|\u003E=8.7.0,\u003C8.7.11|\u003E=8.8.0,\u003C8.8.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-12-18 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2019-12-18-2.yaml"},{"name":"GitHub","remoteId":"GHSA-7gwj-7fhm-vw4w"}]},{"advisoryId":"PKSA-xbwh-v6zk-1jcf","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2019-6342.yaml","title":"Critical - Access bypass","link":"https:\/\/www.drupal.org\/sa-core-2019-008","cve":"CVE-2019-6342","affectedVersions":"\u003E8.7.3,\u003C8.7.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-07-16 16:24:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2019-6342.yaml"},{"name":"GitHub","remoteId":"GHSA-xq62-62c9-22mg"}]},{"advisoryId":"PKSA-75yj-2hm1-2ffx","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2019-11831.yaml","title":"Moderately critical - Third-party libraries - SA-CORE-2019-007","link":"https:\/\/www.drupal.org\/SA-CORE-2019-007","cve":"CVE-2019-11831","affectedVersions":"\u003E=7.0.0,\u003C7.67.0|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.6.0|\u003E=8.6.0,\u003C8.6.16|\u003E=8.7.0,\u003C8.7.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-05-08 17:41:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2019-11831.yaml"},{"name":"GitHub","remoteId":"GHSA-xv7v-rf6g-xwrc"}]},{"advisoryId":"PKSA-q3jn-2tvt-kmzh","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2019-10909.yaml","title":"Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005","link":"https:\/\/www.drupal.org\/sa-core-2019-005","cve":"CVE-2019-10909","affectedVersions":"\u003E=7.0,\u003C7.65|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.14|\u003E=8.6.0,\u003C8.6.14","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-04-17 22:31:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2019-10909.yaml"},{"name":"GitHub","remoteId":"GHSA-g996-q5r8-w7g2"}]},{"advisoryId":"PKSA-ycp7-r1gf-k17h","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2019-6341.yaml","title":"Moderately critical - Cross Site Scripting - SA-CORE-2019-004","link":"https:\/\/www.drupal.org\/SA-CORE-2019-004","cve":"CVE-2019-6341","affectedVersions":"\u003E=7.0.0,\u003C7.65.0|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.14|\u003E=8.6.0,\u003C8.6.13","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-03-20 17:41:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2019-6341.yaml"},{"name":"GitHub","remoteId":"GHSA-cmmh-8mwp-gq5p"}]},{"advisoryId":"PKSA-18ct-8ggk-h581","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2019-6340.yaml","title":"Highly critical - Remote Code Execution","link":"https:\/\/www.drupal.org\/SA-CORE-2019-003","cve":"CVE-2019-6340","affectedVersions":"\u003E=7.0.0,\u003C7.62.0|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.11|\u003E=8.6.0,\u003C8.6.10","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-02-20 17:41:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2019-6340.yaml"},{"name":"GitHub","remoteId":"GHSA-3gx6-h57h-rm27"}]},{"advisoryId":"PKSA-tqjg-2d31-rxds","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2019-6338.yaml","title":"Critical - Third Party Libraries","link":"https:\/\/www.drupal.org\/sa-core-2019-001","cve":"CVE-2019-6338","affectedVersions":"\u003E=7.0.0,\u003C7.62.0|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.9|\u003E=8.6.0,\u003C8.6.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-01-15 17:41:00","composerRepository":"https:\/\/packagist.org","severity":null,"sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2019-6338.yaml"}]},{"advisoryId":"PKSA-9n1q-yjxq-ntxd","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2019-6339.yaml","title":"Critical - Arbitrary PHP code execution","link":"https:\/\/www.drupal.org\/sa-core-2019-002","cve":"CVE-2019-6339","affectedVersions":"\u003E=7.0.0,\u003C7.62.0|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.9|\u003E=8.6.0,\u003C8.6.6","source":"FriendsOfPHP\/security-advisories","reportedAt":"2019-01-15 17:41:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2019-6339.yaml"},{"name":"GitHub","remoteId":"GHSA-8cw5-rv98-5c46"}]},{"advisoryId":"PKSA-7ptn-7539-yr8y","packageName":"drupal\/core","remoteId":"drupal\/core\/2018-10-17-1.yaml","title":"Content moderation - Moderately critical - Access bypass","link":"https:\/\/www.drupal.org\/sa-core-2018-006","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.8|\u003E=8.6.0,\u003C8.6.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-10-17 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2018-10-17-1.yaml"},{"name":"GitHub","remoteId":"GHSA-98h9-727m-44qv"}]},{"advisoryId":"PKSA-mkhd-5d73-ftb7","packageName":"drupal\/core","remoteId":"drupal\/core\/2018-10-17-5.yaml","title":"Contextual Links validation - Critical - Remote Code Execution","link":"https:\/\/www.drupal.org\/sa-core-2018-006","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.8|\u003E=8.6.0,\u003C8.6.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-10-17 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2018-10-17-5.yaml"},{"name":"GitHub","remoteId":"GHSA-6gf6-24h2-66j4"}]},{"advisoryId":"PKSA-1723-b3b5-yrdh","packageName":"drupal\/core","remoteId":"drupal\/core\/2018-10-17-3.yaml","title":"Anonymous Open Redirect - Moderately Critical - Open Redirect","link":"https:\/\/www.drupal.org\/sa-core-2018-006","cve":null,"affectedVersions":"\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.8|\u003E=8.6.0,\u003C8.6.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-10-17 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2018-10-17-3.yaml"},{"name":"GitHub","remoteId":"GHSA-gxxj-g9v8-w28p"}]},{"advisoryId":"PKSA-254t-dtnb-4ybb","packageName":"drupal\/core","remoteId":"drupal\/core\/2018-10-17-2.yaml","title":"External URL injection through URL aliases - Moderately Critical - Open Redirect","link":"https:\/\/www.drupal.org\/sa-core-2018-006","cve":null,"affectedVersions":"\u003E=7.0,\u003C7.60|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.8|\u003E=8.6.0,\u003C8.6.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-10-17 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2018-10-17-2.yaml"},{"name":"GitHub","remoteId":"GHSA-vfgc-c76h-mwh4"}]},{"advisoryId":"PKSA-mhgf-dg9m-23xj","packageName":"drupal\/core","remoteId":"drupal\/core\/2018-10-17-4.yaml","title":"Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution","link":"https:\/\/www.drupal.org\/sa-core-2018-006","cve":null,"affectedVersions":"\u003E=7.0,\u003C7.60|\u003E=8.0.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.5.0|\u003E=8.5.0,\u003C8.5.8|\u003E=8.6.0,\u003C8.6.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-10-17 00:00:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/2018-10-17-4.yaml"},{"name":"GitHub","remoteId":"GHSA-6ccv-8fgf-cjpw"}]},{"advisoryId":"PKSA-xw62-8xjy-mc59","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2018-7602.yaml","title":"Critical - Remote Code Execution","link":"https:\/\/www.drupal.org\/sa-core-2018-004","cve":"CVE-2018-7602","affectedVersions":"\u003E=7.0,\u003C7.59|\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4,\u003C8.4.8|\u003E=8.5,\u003C8.5.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-04-25 16:39:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2018-7602.yaml"},{"name":"GitHub","remoteId":"GHSA-297x-j9pm-xjgg"}]},{"advisoryId":"PKSA-214d-s1bc-j16m","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2018-9861.yaml","title":"Moderately critical - Cross Site Scripting","link":"https:\/\/www.drupal.org\/sa-core-2018-003","cve":"CVE-2018-9861","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4,\u003C8.4.7|\u003E=8.5,\u003C8.5.2","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-04-18 17:53:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2018-9861.yaml"},{"name":"GitHub","remoteId":"GHSA-g78h-pf65-46rv"}]},{"advisoryId":"PKSA-hcrx-hx8t-7n3g","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2018-7600.yaml","title":"Highly critical - Remote Code Execution","link":"https:\/\/www.drupal.org\/sa-core-2018-002","cve":"CVE-2018-7600","affectedVersions":"\u003E=7.0,\u003C7.58|\u003E=8.0,\u003C8.3.9|\u003E=8.4,\u003C8.4.6|\u003E=8.5,\u003C8.5.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-03-28 19:30:00","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2018-7600.yaml"},{"name":"GitHub","remoteId":"GHSA-7fh9-933g-885p"}]},{"advisoryId":"PKSA-qdmw-yrmc-qbbd","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6927.yaml","title":"JavaScript cross-site scripting prevention is incomplete.","link":"https:\/\/www.drupal.org\/SA-CORE-2018-001","cve":"CVE-2017-6927","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.4.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-02-20 21:35:13","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6927.yaml"},{"name":"GitHub","remoteId":"GHSA-585j-5449-mf5m"}]},{"advisoryId":"PKSA-tkp1-mpmp-xyj4","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6926.yaml","title":"Comment reply form allows access to restricted content.","link":"https:\/\/www.drupal.org\/SA-CORE-2018-001","cve":"CVE-2017-6926","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.4.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-02-20 21:35:13","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6926.yaml"},{"name":"GitHub","remoteId":"GHSA-2p28-5mvp-2j2r"}]},{"advisoryId":"PKSA-rm5p-gw4d-nq88","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6932.yaml","title":"External link injection on 404 pages when linking to the current page.","link":"https:\/\/www.drupal.org\/SA-CORE-2018-001","cve":"CVE-2017-6932","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.4.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-02-20 21:35:13","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6932.yaml"},{"name":"GitHub","remoteId":"GHSA-wm86-w3cf-h6vm"}]},{"advisoryId":"PKSA-719r-5gyf-y5cc","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6930.yaml","title":"Language fallback can be incorrect on multilingual sites with node access restrictions.","link":"https:\/\/www.drupal.org\/SA-CORE-2018-001","cve":"CVE-2017-6930","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.4.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-02-20 21:35:13","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6930.yaml"},{"name":"GitHub","remoteId":"GHSA-3327-jr93-7hq3"}]},{"advisoryId":"PKSA-vbh8-z5f3-8qxw","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6931.yaml","title":"Settings Tray access bypass.","link":"https:\/\/www.drupal.org\/SA-CORE-2018-001","cve":"CVE-2017-6931","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.4.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-02-20 21:35:13","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6931.yaml"},{"name":"GitHub","remoteId":"GHSA-7ffh-cjvg-fpr4"}]},{"advisoryId":"PKSA-7mx7-kjj6-v7gb","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6928.yaml","title":"Private file access bypass.","link":"https:\/\/www.drupal.org\/SA-CORE-2018-001","cve":"CVE-2017-6928","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.4.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-02-20 21:35:13","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6928.yaml"},{"name":"GitHub","remoteId":"GHSA-66mv-q8r2-hj8w"}]},{"advisoryId":"PKSA-t9z9-bcb2-5zhs","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6929.yaml","title":"jQuery vulnerability with untrusted domains.","link":"https:\/\/www.drupal.org\/SA-CORE-2018-001","cve":"CVE-2017-6929","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.4.0|\u003E=8.4.0,\u003C8.4.5","source":"FriendsOfPHP\/security-advisories","reportedAt":"2018-02-20 21:35:13","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6929.yaml"},{"name":"GitHub","remoteId":"GHSA-5vpr-v24w-mmjj"}]},{"advisoryId":"PKSA-1z5n-zfyy-wgfb","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6923.yaml","title":"Views does not properly restrict access to the Ajax endpoint.","link":"https:\/\/www.drupal.org\/SA-CORE-2017-004","cve":"CVE-2017-6923","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.3.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-08-16 17:10:35","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6923.yaml"},{"name":"GitHub","remoteId":"GHSA-v3f6-f29f-rgvp"}]},{"advisoryId":"PKSA-tpkb-65dd-h1sr","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6924.yaml","title":"REST API can bypass comment approval.","link":"https:\/\/www.drupal.org\/SA-CORE-2017-004","cve":"CVE-2017-6924","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.3.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-08-16 17:10:35","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6924.yaml"},{"name":"GitHub","remoteId":"GHSA-p8g6-5mg7-9r5q"}]},{"advisoryId":"PKSA-t6j8-kjhk-561m","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6925.yaml","title":"Entity access bypass for entities that do not have UUIDs or have protected revisions.","link":"https:\/\/www.drupal.org\/SA-CORE-2017-004","cve":"CVE-2017-6925","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.3.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-08-16 17:10:35","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6925.yaml"},{"name":"GitHub","remoteId":"GHSA-f4qx-jqfq-7785"}]},{"advisoryId":"PKSA-m9t7-ggb8-t5fn","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6921.yaml","title":"File REST resource does not properly validate","link":"https:\/\/www.drupal.org\/SA-CORE-2017-003","cve":"CVE-2017-6921","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.3.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-06-21 18:13:27","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6921.yaml"},{"name":"GitHub","remoteId":"GHSA-h377-287m-w2r9"}]},{"advisoryId":"PKSA-9xbc-spnf-z7nb","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6922.yaml","title":"Files uploaded by anonymous users into a private file system can be accessed by other anonymous users","link":"https:\/\/www.drupal.org\/SA-CORE-2017-003","cve":"CVE-2017-6922","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.3.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-06-21 18:13:27","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6922.yaml"},{"name":"GitHub","remoteId":"GHSA-58f3-cx8p-h8jg"}]},{"advisoryId":"PKSA-vwz4-b3n9-6cwf","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6920.yaml","title":"PECL YAML parser unsafe object handling","link":"https:\/\/www.drupal.org\/SA-CORE-2017-003","cve":"CVE-2017-6920","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.3.0|\u003E=8.3.0,\u003C8.3.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-06-21 18:13:27","composerRepository":"https:\/\/packagist.org","severity":"critical","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6920.yaml"},{"name":"GitHub","remoteId":"GHSA-9c24-g32g-35rj"}]},{"advisoryId":"PKSA-2pkc-d97h-541b","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6919.yaml","title":"Access bypass","link":"https:\/\/www.drupal.org\/SA-2017-002","cve":"CVE-2017-6919","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.2.8|\u003E=8.3.0,\u003C8.3.1","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-04-19 16:07:22","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6919.yaml"},{"name":"GitHub","remoteId":"GHSA-6hpj-9xj7-2jxx"}]},{"advisoryId":"PKSA-ppg3-hj76-c1nd","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6377.yaml","title":"Editor module incorrectly checks access to inline private files","link":"https:\/\/www.drupal.org\/SA-2017-001","cve":"CVE-2017-6377","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.2.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-03-15 20:19:51","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6377.yaml"},{"name":"GitHub","remoteId":"GHSA-w7qx-vwr9-2j3r"}]},{"advisoryId":"PKSA-kq9s-pmck-3hhz","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6379.yaml","title":"Some admin paths were not protected with a CSRF token","link":"https:\/\/www.drupal.org\/SA-2017-001","cve":"CVE-2017-6379","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.2.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-03-15 20:19:51","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6379.yaml"},{"name":"GitHub","remoteId":"GHSA-gxxq-fhc7-3jv9"}]},{"advisoryId":"PKSA-1931-qv6k-h8s6","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2017-6381.yaml","title":"Remote code execution","link":"https:\/\/www.drupal.org\/SA-2017-001","cve":"CVE-2017-6381","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.2.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2017-03-15 20:19:51","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2017-6381.yaml"},{"name":"GitHub","remoteId":"GHSA-rhx9-3qf7-r3j7"}]},{"advisoryId":"PKSA-vsdz-dkbh-6vty","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-9450.yaml","title":"Incorrect cache context on password reset page","link":"https:\/\/www.drupal.org\/SA-CORE-2016-005","cve":"CVE-2016-9450","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.2.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-11-16 18:45:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-9450.yaml"},{"name":"GitHub","remoteId":"GHSA-98w5-wqp9-w466"}]},{"advisoryId":"PKSA-zfjc-rvnr-yfgg","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-9452.yaml","title":"Denial of service via transliterate mechanism","link":"https:\/\/www.drupal.org\/SA-CORE-2016-005","cve":"CVE-2016-9452","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.2.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-11-16 18:45:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-9452.yaml"},{"name":"GitHub","remoteId":"GHSA-jpj8-49hr-wcwv"}]},{"advisoryId":"PKSA-g8fm-x736-dhw6","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-9449.yaml","title":"Inconsistent name for term access query","link":"https:\/\/www.drupal.org\/SA-CORE-2016-005","cve":"CVE-2016-9449","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.2.0|\u003E=8.2.0,\u003C8.2.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-11-16 18:45:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-9449.yaml"},{"name":"GitHub","remoteId":"GHSA-p745-347h-hjfw"}]},{"advisoryId":"PKSA-wsdn-jkns-xw8s","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-7570.yaml","title":"Users without \u0022Administer comments\u0022 can set comment visibility on nodes they can edit","link":"https:\/\/www.drupal.org\/SA-CORE-2016-004","cve":"CVE-2016-7570","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.1.10","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-09-21 18:39:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-7570.yaml"},{"name":"GitHub","remoteId":"GHSA-6g9h-6v79-w4pc"}]},{"advisoryId":"PKSA-7nn6-tbd9-7733","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-7572.yaml","title":"Full config export can be downloaded without administrative permissions","link":"https:\/\/www.drupal.org\/SA-CORE-2016-004","cve":"CVE-2016-7572","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.1.10","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-09-21 18:39:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-7572.yaml"},{"name":"GitHub","remoteId":"GHSA-fmqh-2j2x-vgp3"}]},{"advisoryId":"PKSA-hyt2-1n75-d5g6","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-7571.yaml","title":"Cross-site Scripting in http exceptions","link":"https:\/\/www.drupal.org\/SA-CORE-2016-004","cve":"CVE-2016-7571","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.1.10","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-09-21 18:39:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-7571.yaml"},{"name":"GitHub","remoteId":"GHSA-vhg8-x858-7wq6"}]},{"advisoryId":"PKSA-dtjt-nkrz-7p1t","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-5385.yaml","title":"Drupal Core - Highly Critical - Injection - SA-CORE-2016-003","link":"https:\/\/www.drupal.org\/SA-CORE-2016-003","cve":"CVE-2016-5385","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.1.7","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-07-18 16:01:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-5385.yaml"},{"name":"GitHub","remoteId":"GHSA-m6ch-gg5f-wxx3"}]},{"advisoryId":"PKSA-dftb-k553-yc5x","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-6211.yaml","title":"Saving user accounts can sometimes grant the user all roles","link":"https:\/\/www.drupal.org\/SA-CORE-2016-002","cve":"CVE-2016-6211","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.1.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-06-15 20:59:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-6211.yaml"},{"name":"GitHub","remoteId":"GHSA-frqf-9qr4-6vxf"}]},{"advisoryId":"PKSA-h7b6-5hdp-ngdf","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-6212.yaml","title":"Views can allow unauthorized users to see Statistics information","link":"https:\/\/www.drupal.org\/SA-CORE-2016-002","cve":"CVE-2016-6212","affectedVersions":"\u003E=8.0,\u003C8.1.0|\u003E=8.1.0,\u003C8.1.3","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-06-15 20:59:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-6212.yaml"},{"name":"GitHub","remoteId":"GHSA-rfxx-gxwc-923c"}]},{"advisoryId":"PKSA-c5cy-9myc-9jvy","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3166.yaml","title":"HTTP header injection using line breaks","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3166","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3166.yaml"},{"name":"GitHub","remoteId":"GHSA-fg5q-r2q5-qmh3"}]},{"advisoryId":"PKSA-w7rh-fsfz-47tv","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3164.yaml","title":"Open redirect via path manipulation","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3164","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3164.yaml"},{"name":"GitHub","remoteId":"GHSA-836p-6p4j-35cg"}]},{"advisoryId":"PKSA-cvhr-cpqr-xzbr","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3168.yaml","title":"Reflected file download vulnerability","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3168","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3168.yaml"},{"name":"GitHub","remoteId":"GHSA-qqxc-cppg-4xp8"}]},{"advisoryId":"PKSA-4jbn-vr6y-x6k7","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3171.yaml","title":"Session data truncation can lead to unserialization of user provided data","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3171","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3171.yaml"},{"name":"GitHub","remoteId":"GHSA-69g8-g9jq-74v7"}]},{"advisoryId":"PKSA-6ghb-cyrk-9kmw","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3162.yaml","title":"File upload access bypass and denial of service","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3162","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3162.yaml"},{"name":"GitHub","remoteId":"GHSA-w2pj-c8x5-jvg2"}]},{"advisoryId":"PKSA-1tzq-2qs7-2bmg","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3167.yaml","title":"Open redirect via double-encoded \u0027destination\u0027 parameter","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3167","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3167.yaml"},{"name":"GitHub","remoteId":"GHSA-gxwx-c7m8-f95h"}]},{"advisoryId":"PKSA-vf9k-szc7-mht3","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3169.yaml","title":"Saving user accounts can sometimes grant the user all roles","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3169","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3169.yaml"},{"name":"GitHub","remoteId":"GHSA-q3p9-8728-wq7x"}]},{"advisoryId":"PKSA-f2tr-vkvs-rn6s","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3165.yaml","title":"Form API ignores access restrictions on submit buttons","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3165","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3165.yaml"},{"name":"GitHub","remoteId":"GHSA-4gh5-3hqj-x3pj"}]},{"advisoryId":"PKSA-w5qn-v455-qw2x","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3170.yaml","title":"Email address can be matched to an account","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3170","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"medium","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3170.yaml"},{"name":"GitHub","remoteId":"GHSA-pqv4-xgqh-j8vh"}]},{"advisoryId":"PKSA-dcs8-k9rm-1jyb","packageName":"drupal\/core","remoteId":"drupal\/core\/CVE-2016-3163.yaml","title":"Brute force amplification attacks via XML-RPC","link":"https:\/\/www.drupal.org\/SA-CORE-2016-001","cve":"CVE-2016-3163","affectedVersions":"\u003E=8.0,\u003C8.0.4","source":"FriendsOfPHP\/security-advisories","reportedAt":"2016-02-15 18:57:00","composerRepository":"https:\/\/packagist.org","severity":"high","sources":[{"name":"FriendsOfPHP\/security-advisories","remoteId":"drupal\/core\/CVE-2016-3163.yaml"},{"name":"GitHub","remoteId":"GHSA-h3r9-pjmr-f938"}]}]}}