Drupal Avatar Uploader — known CVE vulnerabilities
Every CVE whose affected-product data names Drupal Avatar Uploader, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2018-9205 — CVSS 7.5 (high): Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.