Browse Security Advisories
Security Advisories for drupal/drupal
Moderate
8 months ago
Drupal core Access bypass
packagist
drupal/drupal, drupal/core-recommended, drupal/core
High
8 months ago
Drupal core contains a potential PHP Object Injection vulnerability
packagist
drupal/drupal, drupal/core-recommended, drupal/core
High
8 months ago
Drupal core contains a potential PHP Object Injection vulnerability
packagist
drupal/drupal, drupal/core-recommended, drupal/core
Low
8 months ago
Drupal core contains a potential PHP Object Injection vulnerability
packagist
drupal/drupal, drupal/core-recommended, drupal/core
Moderate
8 months ago
Drupal Core Cross-Site Scripting (XSS)
packagist
drupal/drupal, drupal/core-recommended, drupal/core
Moderate
11 months ago
Drupal Full Path Disclosure
packagist
drupal/core, drupal/core-recommended, drupal/drupal
Moderate
about 1 year ago
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
packagist
drupal/drupal
Moderate
about 1 year ago
Drupal core uses a vulnerable Third-party library CKEditor
packagist
drupal/drupal
High
about 1 year ago
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
packagist
drupal/drupal
Critical
about 1 year ago
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
packagist
drupal/drupal
Moderate
about 1 year ago
Drupal Malicious file upload with filenames starting with dot
packagist
drupal/drupal
Moderate
about 1 year ago
Drupal External URL injection through URL aliases leading to Open Redirect
packagist
drupal/drupal
Critical
over 1 year ago
Drupal Core Remote Code Execution Vulnerability
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Core Access bypass vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Core Cross-site scripting vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Core Open Redirect vulnerability
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Core Arbitrary PHP code execution vulnerability
packagist
drupal/drupal, drupal/core
Critical
about 3 years ago
Drupal Core Access bypass vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Cross Site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core
Low
about 3 years ago
Drupal cross-site scripting vulnerability via actions feature and trigger module
packagist
drupal/drupal
High
about 3 years ago
Drupal has open redirect vulnerability in the Overlay module
packagist
drupal/drupal
Moderate
about 3 years ago
Drupal CRLF injection vulnerability in the drupal_set_header function
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal saving user accounts can sometimes grant the user all roles
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Form API ignores access restrictions on submit buttons
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Reflected file download vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal sensitive information disclosure
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Brute force amplification attacks via XML-RPC
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Open redirect vulnerability in the drupal_goto function
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal File upload access bypass and denial of service
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
packagist
drupal/core, drupal/drupal
Moderate
about 3 years ago
Drupal Cross-site scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Unprivileged access to config export
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Saving user accounts can sometimes grant the user all roles
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Views can allow unauthorized users to see Statistics information
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal Denial of service via transliterate mechanism
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Incorrect cache context on password reset page
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal sensitive information disclosure
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Cross-Site Request Forgery (CSRF)
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal cross site scripting vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal external link injection vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal cross-site scripting vulnerability
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Comment reply form allows access to restricted content
packagist
drupal/drupal, drupal/core
Critical
about 3 years ago
Drupal PECL YAML parser unsafe object handling
packagist
drupal/drupal, drupal/core
Critical
about 3 years ago
Drupal Core Remote Code Execution Vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
packagist, npm
drupal/drupal, ckeditor-dev, drupal/core
High
about 3 years ago
Drupal access control bypass vulnerability
packagist
drupal/drupal, drupal/core
Critical
about 3 years ago
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal editor module incorrectly checks access to inline private files
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal core access bypass vulnerability
packagist
drupal/drupal, drupal/core
Moderate
about 3 years ago
Drupal file REST resource does not properly validate
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal REST API can bypass comment approval
packagist
drupal/drupal, drupal/core
High
about 3 years ago
Drupal Core Remote Code Execution Vulnerability
packagist
drupal/drupal, drupal/core
High
over 3 years ago
HTTP Proxy header vulnerability
packagist
typo3/cms, drupal/drupal, bugsnag/bugsnag-laravel, amphp/artax, padraic/humbug_get_contents, drupal/core, guzzlehttp/guzzle
High
over 3 years ago
Exposure of Resource to Wrong Sphere in Drupal Core
packagist
drupal/drupal, drupal/core
Moderate
over 3 years ago
Drupal core Cross-site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core
Moderate
over 3 years ago
Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
packagist
drupal/drupal, drupal/core
Critical
over 3 years ago
Arbitrary PHP code execution in Drupal
packagist
drupal/core, drupal/drupal
High
almost 4 years ago
Drupal core Unrestricted Upload of File with Dangerous Type
packagist
drupal/drupal, drupal/core
Critical
almost 4 years ago
Directory Traversal in typo3/phar-stream-wrapper
packagist
drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Moderate
about 4 years ago
ckeditor4 vulnerable to cross-site scripting
packagist, npm
drupal/drupal, drupal/core, ckeditor4
High
over 5 years ago
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
packagist
drupal/drupal
Moderate
over 5 years ago
Symfony Cross-site Scripting (XSS) vulnerability
packagist
drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle