drupal/core-recommended
Packagist
6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting drupal/core-recommended
- CVE-2024-12393 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 11.0.8 | 2024-12-10
vulnerable: 11.0.0 ... 11.0.7 (8 versions)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9…
- CVE-2024-45440 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 10.2.9 | 2024-08-29
vulnerable: 10.0.0 ... 9.5.9 (345 versions)
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
- CVE-2024-55634 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 11.0.8 | 2024-12-10
vulnerable: 11.0.0 ... 11.0.7 (8 versions)
A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
- CVE-2024-55636 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 11.0.8 | 2024-12-10
vulnerable: 11.0.0 ... 11.0.7 (8 versions)
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of method…
- CVE-2024-55637 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 11.0.8 | 2024-12-10
vulnerable: 11.0.0 ... 11.0.7 (8 versions)
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of method…
- CVE-2024-55638 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 7.102 | 2024-12-10
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods th…