The Migrate queue importer module enables you to create cron migrations(configuration entities) with a reference towards migration entities in order to import them during cron runs.

The module doesn't sufficiently protect against Cross Site Request Forgery
under specific scenarios allowing an attacker to enable/disable a cron migration.

This vulnerability is mitigated by the fact that an attacker must know the
id of the migration.

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider Authentication, etc.

The module doesn't sufficiently control user access when using Basic Authentication.

The Email Contact module provides email field display formatters that can display the field as a link to the contact form, or as an inline contact form.

The module does not sufficiently handle restricted entity or field access to the mail sending form, when the "Email contact link" formatter is used.

This vulnerability is mitigated by the fact that it requires the "Email contact link" formatter to be used.

The Rest views module lets site admins create rest exports in views with additional options for serializing data.

This module does not accurately check access and may expose paths to unpublished content.

This vulnerability is mitigated by the fact that there must be a specific content structure to expose.

Paths to unpublished entities (such as nodes) will be exposed if those entities are referenced from other entities listed in a REST display, and the reference field on those listed entities is displayed with the "Entity path" formatter.