>= 7.0, < 7.59
>= 7.0, < 7.58
HIGH 8.8 ⚠ KEV Drupal core Unrestricted Upload of File with Dangerous Type
>= 7.0.0, < 7.74
HIGH 8.1 ⚠ KEV Drupal Core Remote Code Execution Vulnerability
>= 7.0.0, < 7.62.0
CRITICAL 9.8 Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
>= 8.8.0, < 10.2.11
CRITICAL 9.8 Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
>= 8.8.0, < 10.2.11
CRITICAL 9.8 Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
>= 8.8.0, < 10.2.11
CRITICAL 9.8 Drupal Core Access bypass vulnerability
>= 8.8.0, < 8.8.8
CRITICAL 9.8 Drupal PECL YAML parser unsafe object handling
>= 8.0, < 8.3.4
CRITICAL 9.8 Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
>= 8.0, < 8.3.7
CRITICAL 9.8 drupal7 - security update
>= 7.0.0, < 7.67.0
CRITICAL 9.8 drupal7 - security update
>= 7.0.0, < 7.62.0
HIGH 8.8 drupal7 - security update
>= 7.0, < 7.44
HIGH 8.8 Drupal Core Arbitrary PHP code execution vulnerability
>= 8.8.0, < 8.8.8
HIGH 8.8 drupal7 - security update
>= 7.0.0, < 7.72
HIGH 8.1 Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
>= 8.0.0, < 10.2.11
HIGH 8.1 Drupal saving user accounts can sometimes grant the user all roles
>= 7.0, < 7.43
HIGH 8.1 drupal7 - security update
>= 8.0, < 8.0.4
HIGH 8.1 Drupal arbitrary code execution
>= 6.0, < 6.38
HIGH 8.1 Drupal Comment reply form allows access to restricted content
>= 8.4.0, < 8.4.5
HIGH 8.1 Drupal access bypass vulnerability
>= 8.4.0, < 8.4.5
HIGH 8.1 Drupal Remote code execution
>= 8.0, < 8.2.7
HIGH 8.0 drupal7 - security update
>= 7.0.0, < 7.62.0
HIGH 7.5 Drupal has open redirect vulnerability in the Overlay module
>= 7.0, < 7.24
HIGH 7.5 Drupal Form API ignores access restrictions on submit buttons
>= 6.0, < 6.38
HIGH 7.5 Drupal Brute force amplification attacks via XML-RPC
>= 7.0, < 7.43
HIGH 7.5 Drupal Incorrect cache context on password reset page
>= 8.0, < 8.2.3
HIGH 7.5 Drupal Cross-Site Request Forgery (CSRF)
>= 8.2.0, < 8.2.7
HIGH 7.5 Drupal access control bypass vulnerability
>= 8.0, < 8.2.8
HIGH 7.5 Drupal editor module incorrectly checks access to inline private files
>= 8.2.0, < 8.2.7
HIGH 7.5 Exposure of Resource to Wrong Sphere in Drupal Core
>= 8.0.0, < 8.8.10
HIGH 7.4 Drupal Open Redirect
>= 6.0, < 6.38
HIGH 7.4 Drupal Open redirect vulnerability in the drupal_goto function
>= 6.0, < 6.38
HIGH 7.4 Drupal REST API can bypass comment approval
>= 8.0, < 8.3.7
MEDIUM 6.5 Drupal Denial of service via transliterate mechanism
>= 8.0, < 8.2.3
MEDIUM 6.5 Drupal Settings Tray access bypass
>= 8.4.0, < 8.4.5
MEDIUM 6.5 drupal7 - security update
>= 8.0, < 8.3.4
MEDIUM 6.5 Missing Authorization in Drupal
>= 8.0, < 8.3.7
MEDIUM 6.4 Drupal Reflected file download vulnerability
>= 7.0, < 7.43
MEDIUM 6.1 drupal7 - security update
>= 7.0.0, < 7.70
MEDIUM 6.1 Drupal Cross-site scripting (XSS) vulnerability
>= 8.0, < 8.1.10
MEDIUM 6.1 Drupal cross site scripting vulnerability
>= 8.0, < 8.4.0
MEDIUM 6.1 drupal7 - security update
>= 8.4.0, < 8.4.5
MEDIUM 6.1 Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
>= 8.0, < 8.4.7
MEDIUM 6.1 Access bypass in Drupal Core 8/9
>= 8.0.0, < 8.8.10
MEDIUM 6.1 ckeditor - security update
>= 7.0.0, < 7.80
MEDIUM 6.1 drupal7 - security update
>= 7.0.0, < 7.80
MEDIUM 6.1 Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
>= 8.0.0, < 8.8.10
MEDIUM 6.1 drupal7 - security update
>= 7.0.0, < 7.73
MEDIUM 5.9 Drupal CRLF injection vulnerability in the drupal_set_header function
>= 6.0, < 6.38
MEDIUM 5.9 Drupal file REST resource does not properly validate
>= 8.0, < 8.3.4
MEDIUM 5.4 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
>= 8.8.0, < 10.2.11
MEDIUM 5.4 symfony - security update
>= 8.0.0, < 8.5.15
MEDIUM 5.4 drupal7 - security update
>= 7.0.0, < 7.65.0
MEDIUM 5.3 Drupal Full Path Disclosure
>= 10.3.0, < 10.3.6
MEDIUM 5.3 Drupal sensitive information disclosure
>= 8.0, < 8.0.4
MEDIUM 5.3 Drupal Views can allow unauthorized users to see Statistics information
>= 8.0, < 8.1.3
MEDIUM 5.3 Drupal access bypass vulnerability
>= 7.0, < 7.57
MEDIUM 5.3 Drupal Core Access bypass vulnerability
>= 8.8.0, < 8.8.10
MEDIUM 4.7 Drupal external link injection vulnerability
>= 7.0, < 7.57
MEDIUM 4.3 Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
>= 8.0.0, < 8.1.10
MEDIUM 4.3 Drupal Unprivileged access to config export
>= 8.0, < 8.1.10
MEDIUM 4.3 drupal7 - security update
>= 8.0, < 8.2.3
— Drupal cross-site scripting vulnerability via actions feature and trigger module
>= 6.0, < 6.18
— Drupal Open Redirect
>= 7.0, < 7.13
— Drupal improper access restrictions
>= 7.0, < 7.14
— Drupal Node Validation Bypass in the node module API
>= 5.0, < 5.11
— Drupal vulnerable to Cross-site Scripting
>= 6.0, < 6.3