[LOW] Drupal core allows Forceful Browsing

PKSA-bn52-vyzy-rmnm CVE-2025-13080 GHSA-83v7-c2cf-p9c2

Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9

Reported by:
GitHub

[MEDIUM] Drupal core allows Object Injection

PKSA-xj83-g6g8-41vf CVE-2025-13081 GHSA-m6vv-vcj8-w8m7

Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9

Reported by:
GitHub

[LOW] Drupal core allows Content Spoofing

PKSA-dh1f-zjm5-qg8y CVE-2025-13082 GHSA-h89p-5896-f4q8

Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9

Reported by:
GitHub

[LOW] Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels

PKSA-d8tb-wwz2-ctxk CVE-2025-13083 GHSA-mhpg-hpj5-73r2

Affected version: >=11.2.0,<11.2.8|>=11.0.0,<11.1.9|>=10.5.0,<10.5.6|>=8.0.0,<10.4.9

Reported by:
GitHub

[MEDIUM] Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages

PKSA-s1zc-gcfk-ddw5 CVE-2025-3057 GHSA-39g6-x4x8-5jcm

Affected version: >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13

Reported by:
GitHub

[MEDIUM] Drupal Core Vulnerable to Forceful Browsing

PKSA-s6zc-mws4-ngh4 CVE-2025-31673 GHSA-wpp8-fjgf-pwc7

Affected version: >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13

Reported by:
GitHub

[MEDIUM] Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability

PKSA-ctyc-dmct-npkz CVE-2025-31674 GHSA-2qph-q8xw-gv7q

Affected version: >=11.1.0,<11.1.3|>=11.0.0,<11.0.12|>=10.4.0,<10.4.3|>=8.0.0,<10.3.13

Reported by:
GitHub

[LOW] Drupal Core Cross-Site Scripting (XSS) Vulnerability

PKSA-42zc-x5ss-z64p CVE-2025-31675 GHSA-m4wj-hhwj-47qp

Affected version: >=11.1.0,<11.1.5|>=11.0.0,<11.0.13|>=10.4.0,<10.4.5|>=8.0.0,<10.3.14

Reported by:
GitHub