drupal/core Security Advisories for 10.4.x-dev (2)
-
[MEDIUM] Drupal core is Vulnerable to Cross-Site Scripting
PKSA-7kyj-yy4m-jzhv CVE-2026-6365 GHSA-f3cj-mjqm-fhvj
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub -
[MEDIUM] Drupal core allows Object Injection
PKSA-j351-xv4b-pryh CVE-2026-6366 GHSA-xmjc-63pr-2mpg
Affected version: >=11.3.0,<11.3.7|>=11.0.0,<11.2.11|>=10.6.0,<10.6.7|>=8.0.0,<10.5.9
Reported by:
GitHub