Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Drupal is an open-source content management framework primarily utilized for building complex websites and digital experiences. With 295 recorded CVEs, its security history reflects typical challenges faced by widely adopted PHP-based platforms. Common vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure configuration defaults. Notable incidents have frequently involved exposed administrative endpoints or flawed permission handling, allowing attackers to gain unauthorized access or inject malicious scripts. The platform’s modular architecture, while flexible, can introduce risk if contributed modules are not rigorously vetted or updated. Security posture largely depends on timely patching and strict adherence to hardening guidelines. Despite these historical issues, Drupal remains a robust tool for enterprise-level applications, provided administrators maintain vigilant oversight of installed extensions and system configurations to mitigate known attack vectors effectively.

Found 37 results / 295
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-13083 | Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 — Drupal core (CWE-525) | 7.5 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-13082 | Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 — Drupal core (CWE-451) | 4.3 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-13081 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 — Drupal core (CWE-915) | 9.8 (AI) | Critical (AI) | 2025-11-18 |
| CVE-2025-13080 | Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 — Drupal core (CWE-754) | - | - (AI) | 2025-11-18 |
| CVE-2025-31675 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 — Drupal core (CWE-79) | 6.1 | - | 2025-03-31 |
| CVE-2025-31674 | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 — Drupal core (CWE-915) | 9.8 | - | 2025-03-31 |
| CVE-2025-31673 | Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 — Drupal core (CWE-863) | 6.5 | - | 2025-03-31 |
| CVE-2025-3057 | Drupal core - Critical - Cross site scripting - SA-CORE-2025-001 — Drupal core (CWE-79) | 6.1 | - | 2025-03-31 |
| CVE-2024-55638 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 — Drupal Core (CWE-915) | 9.8 | - | 2024-12-09 |
| CVE-2024-55637 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 — Drupal Core (CWE-915) | 9.8 | - | 2024-12-09 |
| CVE-2024-55636 | Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 — Drupal Core (CWE-915) | 9.8 | - | 2024-12-09 |
| CVE-2024-55635 | Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 — Drupal Core (CWE-79) | 6.1 | - | 2024-12-09 |
| CVE-2024-55634 | Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 — Drupal Core (CWE-178) | 8.8 | - | 2024-12-09 |
| CVE-2024-12393 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 — Drupal Core (CWE-79) | 6.1 | - | 2024-12-09 |
| CVE-2024-11942 | Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002 — Drupal Core (CWE-390) | 9.1 | - | 2024-12-05 |
| CVE-2024-11941 | Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 — Drupal Core (CWE-835) | 7.5 | - | 2024-12-05 |
| CVE-2024-45440 | Drupal security vulnerability — Drupal core | 5.3 (AI) | Medium (AI) | 2024-08-29 |
| CVE-2020-13688 | Drupal Core cross-site scripting vulnerability — Drupal Core | 6.1 | - | 2021-06-11 |
| CVE-2020-13663 | Drupal cross-site request forgery vulnerability — Drupal Core | 8.8 | - | 2021-06-11 |
| CVE-2020-13667 | Drupal security vulnerability — Drupal Core | 7.5 | - | 2021-05-17 |
| CVE-2020-13664 | Drupal command injection vulnerability — Drupal Core | 8.8 | - | 2021-05-05 |
| CVE-2020-13662 | IBM API Connect input validation error vulnerability — Drupal Core | 6.1 | - | 2021-05-05 |
| CVE-2020-13665 | Drupal security vulnerability — Drupal Core | 9.8 | - | 2021-05-05 |
| CVE-2020-13666 | Drupal cross-site scripting vulnerability — Drupal Core | 6.1 | - | 2021-05-05 |
| CVE-2020-13671 | Drupal core code issue vulnerability — Drupal Core | 8.8 | - | 2020-11-20 |
| CVE-2019-6342 | Drupal core - Critical - Access bypass - SA-CORE-2019-008 — Drupal Core | 7.5 | - | 2020-05-28 |
| CVE-2019-6341 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 — Drupal core | 5.4 | - | 2019-03-26 |
| CVE-2019-6340 | Drupal core - Highly critical - Remote Code Execution — Drupal Core | 8.1 | - | 2019-02-21 |
| CVE-2017-6923 | Access bypass in Drupal 8 views — Drupal core | 6.5 | - | 2019-01-22 |
| CVE-2019-6339 | PHAR stream wrapper Arbitrary PHP code execution — Drupal core | 9.8 | - | 2019-01-22 |

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.