Browse Security Advisories
Moderate Security Advisories for drupal/core Clear Filters
Moderate
4 months ago
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
packagist
drupal/core
Moderate
4 months ago
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
packagist
drupal/core
Moderate
8 months ago
Drupal core Access bypass
packagist
drupal/drupal, drupal/core-recommended, drupal/core
Moderate
8 months ago
Drupal Core Cross-Site Scripting (XSS)
packagist
drupal/drupal, drupal/core-recommended, drupal/core
Moderate
11 months ago
Drupal Full Path Disclosure
packagist
drupal/core, drupal/core-recommended, drupal/drupal
Moderate
about 1 year ago
Drupal core Cross-Site Scripting (XSS) vulnerabilities
packagist
drupal/core
Moderate
about 1 year ago
Drupal core uses a vulnerable Third-party library CKEditor
packagist
drupal/core
Moderate
about 1 year ago
Drupal External URL injection through URL aliases leading to Open Redirect
packagist
drupal/core
Moderate
about 3 years ago
Drupal Core Access bypass vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Core Open Redirect vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Core Cross-site scripting vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Cross Site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal CRLF injection vulnerability in the drupal_set_header function
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Reflected file download vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal sensitive information disclosure
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
packagist
drupal/core, drupal/drupal
Moderate
about 3 years ago
Drupal Unprivileged access to config export
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Cross-site scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Views can allow unauthorized users to see Statistics information
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Denial of service via transliterate mechanism
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal sensitive information disclosure
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal cross site scripting vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal external link injection vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal cross-site scripting vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
packagist, npm
drupal/drupal, ckeditor-dev, drupal/core
Moderate
about 3 years ago
Drupal file REST resource does not properly validate
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal core access bypass vulnerability
packagist
drupal/drupal, drupal/core
Moderate
over 3 years ago
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
packagist
drupal/drupal, drupal/core
Moderate
over 3 years ago
Drupal core Cross-site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 4 years ago
ckeditor4 vulnerable to cross-site scripting
packagist, npm
drupal/drupal, drupal/core, ckeditor4
Moderate
over 5 years ago
Symfony Cross-site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Filter by Severity
Filter by Ecosystem
maven
3,135
packagist
3,007
pypi
2,022
npm
1,354
go
1,272
nuget
659
rubygems
437
cargo
411
hex
16
swift
13
actions
7
pub
3
Filter by Package
moodle/moodle
307
tensorflow
200
tensorflow-cpu
198
tensorflow-gpu
197
magento/community-edition
167
org.jenkins-ci.main:jenkins-core
145
typo3/cms
129
org.apache.tomcat:tomcat
96
pimcore/pimcore
87
github.com/mattermost/mattermost/server/v8
76
typo3/cms-core
74
com.liferay.portal:release.portal.bom
73
microweber/microweber
69
silverstripe/framework
68
com.liferay.portal:release.dxp.bom
68
phpmyadmin/phpmyadmin
56
dolibarr/dolibarr
55
drupal/core
54
magento/project-community-edition
51
github.com/usememos/memos
47
thorsten/phpmyfaq
47
actionpack
45
concrete5/concrete5
45
Django
44
apache-airflow
43
drupal/drupal
42
librenms/librenms
42
apache-superset
41
Plone
36
showdoc/showdoc
34
symfony/symfony
33
mantisbt/mantisbt
33
org.elasticsearch:elasticsearch
33
org.keycloak:keycloak-core
32
github.com/grafana/grafana
31
github.com/mattermost/mattermost-server/v6
30
plone
29
nova
29
craftcms/cms
29
moin
27
intelliants/subrion
26
baserproject/basercms
26
ansible
25
snipe/snipe-it
25
mautic/core
24
k8s.io/kubernetes
24
directus
23
shopware/platform
22
django
21
github.com/mattermost/mattermost-server
21
nilsteampassnet/teampass
21
github.com/answerdev/answer
21
gradio
20
org.keycloak:keycloak-services
20
mediawiki/core
20
froxlor/froxlor
20
org.apache.struts:struts2-core
20
grumpydictator/firefly-iii
20
matrix-synapse
19
shopware/shopware
19
github.com/cilium/cilium
19
org.apache.tomcat.embed:tomcat-embed-core
19
remdex/livehelperchat
18
github.com/docker/docker
18
zendframework/zendframework1
17
salt
17
getkirby/cms
17
shopware/core
17
rdiffweb
16
github.com/argoproj/argo-cd/v2
16
github.com/hashicorp/vault
16
io.undertow:undertow-core
15
yetiforce/yetiforce-crm
15
github.com/hashicorp/nomad
15
vyper
15
org.opencms:opencms-core
15
prestashop/prestashop
15
rack
15
DotNetNuke.Core
14
github.com/hashicorp/consul
14
org.xwiki.platform:xwiki-platform-oldcore
14
glance
14
tinymce
14
puppet
14
contao/core-bundle
13
org.springframework.security:spring-security-core
13
org.apache.jspwiki:jspwiki-main
13
com.thoughtworks.xstream:xstream
13
tribalsystems/zenario
13
keystone
13
forkcms/forkcms
13
com.jfinal:jfinal
13
nokogiri
13
github.com/goharbor/harbor
13
org.bouncycastle:bcprov-jdk14
12
wallabag/wallabag
12
github.com/openfga/openfga
12
github.com/argoproj/argo-cd
12
roundup
12
simplesamlphp/simplesamlphp
12
@openzeppelin/contracts
11
ec-cube/ec-cube
11
ckeditor4
11
lavalite/cms
11
TinyMCE
11
org.apache.tomcat:tomcat-coyote
11
bootstrap
11
@openzeppelin/contracts-upgradeable
11
org.eclipse.jetty:jetty-server
11
github.com/traefik/traefik/v2
11
laravel/framework
11
feehi/feehicms
11
phpoffice/phpexcel
11
github.com/containerd/containerd
11
getgrav/grav
11
tinymce/tinymce
11
activesupport
11
genix/cms
11
github.com/ethereum/go-ethereum
11
opencart/opencart
10
org.keycloak:keycloak-parent
10
francoisjacquet/rosariosis
10
org.apache.nifi:nifi
10
github.com/greenpau/caddy-security
10
typo3/cms-backend
10
aiohttp
10
fat_free_crm
10
com.vaadin:vaadin-bom
10
vite
10
OctoPrint
10
org.springframework:spring-core
10
joplin
10
notebook
10
helm.sh/helm/v3
10
phpoffice/phpspreadsheet
10
silverstripe/cms
10
surrealdb
10
bolt/bolt
10
PaddlePaddle
10
org.apache.jspwiki:jspwiki-war
10
zendframework/zendframework
10
ghost
10
vllm
10
bootstrap
10
gogs.io/gogs
10
org.apache.solr:solr-core
10
org.opencrx:opencrx-core-models
9
org.igniterealtime.openfire:parent
9
code.gitea.io/gitea
9
publify_core
9
angular
9
electron
9
next
9
open-webui
9
sylius/sylius
9
twbs/bootstrap
9
swagger-ui
9
calibreweb
9
horizon
9
org.apache.activemq:activemq-client
9
org.bouncycastle:bcprov-jdk15on
9
rubygems-update
9
pimcore/admin-ui-classic-bundle
9
pyftpdlib
9
org.webjars:bootstrap
9
cakephp/cakephp
9
org.jenkins-ci.plugins:git
9
wasmtime
9
org.jenkins-ci.plugins:script-security
9
bootstrap
9
urllib3
9
org.mortbay.jetty:jetty
9
contao/contao
8
onionshare-cli
8
neutron
8
parse-server
8
modoboa
8
mlflow
8
github.com/kubeedge/kubeedge
8
org.jenkins-ci.plugins:subversion
8
centreon/centreon
8
sulu/sulu
8
rails-html-sanitizer
8
rails
8
org.apache.ranger:ranger
8
github.com/moby/moby
8
jquery-rails
8
bootstrap.sass
8
org.apache.archiva:archiva
8
camaleon_cms
8
actionview
8
github.com/traefik/traefik/v3
8
transformers
8
github.com/rancher/rancher
8
phpmyfaq/phpmyfaq
8
phpbb/phpbb
8
impresscms/impresscms
8
org.jenkins-ci.plugins:electricflow
8
Microsoft.ChakraCore
8
org.bouncycastle:bcprov-jdk15to18
8