Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Drupal is an open-source content management framework primarily utilized for building complex websites and digital experiences. With 295 recorded CVEs, its security history reflects typical challenges faced by widely adopted PHP-based platforms. Common vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure configuration defaults. Notable incidents have frequently involved exposed administrative endpoints or flawed permission handling, allowing attackers to gain unauthorized access or inject malicious scripts. The platform’s modular architecture, while flexible, can introduce risk if contributed modules are not rigorously vetted or updated. Security posture largely depends on timely patching and strict adherence to hardening guidelines. Despite these historical issues, Drupal remains a robust tool for enterprise-level applications, provided administrators maintain vigilant oversight of installed extensions and system configurations to mitigate known attack vectors effectively.

| CVE ID | Title | Product | CWE | CVSS (AI) | Severity (AI) | Published |
|---|---|---|---|---|---|---|
| CVE-2025-48923 | Toc.js - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-077 | Toc.js | CWE-79 | 6.1 | Medium | 2025-06-26 |
| CVE-2025-48915 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076 | COOKiES Consent Management | CWE-79 | 6.1 | Medium | 2025-06-13 |
| CVE-2025-48914 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-075 | COOKiES Consent Management | CWE-79 | 6.1 | Medium | 2025-06-13 |
| CVE-2025-48920 | etracker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-074 | etracker | CWE-79 | 6.1 | Medium | 2025-06-13 |
| CVE-2025-48919 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073 | Simple Klaro | CWE-79 | 6.1 | Medium | 2025-06-13 |
| CVE-2025-48917 | EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072 | EU Cookie Compliance (GDPR Compliance) | CWE-79 | 6.1 | Medium | 2025-06-13 |
| CVE-2025-48918 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-071 | Simple Klaro | CWE-79 | 6.1 | Medium | 2025-06-13 |
| CVE-2025-48916 | Bookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070 | Bookable Calendar | CWE-862 | 7.5 | High | 2025-06-13 |
| CVE-2025-48447 | Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069 | Lightgallery | CWE-79 | 6.1 | Medium | 2025-06-11 |
| CVE-2025-48448 | Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068 | Admin Audit Trail | CWE-770 | 8.1 | High | 2025-06-11 |
| CVE-2025-48446 | Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067 | Commerce Alphabank Redirect | CWE-863 | 9.4 | Critical | 2025-06-11 |
| CVE-2025-48445 | Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066 | Commerce Eurobank (Redirect) | CWE-863 | 9.8 | Critical | 2025-06-11 |
| CVE-2025-48013 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 | Quick Node Block | CWE-862 | 7.5 | High | 2025-06-11 |
| CVE-2025-48444 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064 | Quick Node Block | CWE-862 | 7.5 | High | 2025-06-11 |
| CVE-2025-48012 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063 | One Time Password | CWE-294 | 9.1 | Critical | 2025-05-21 |
| CVE-2025-48011 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-062 | One Time Password | CWE-288 | 9.8 | Critical | 2025-05-21 |
| CVE-2025-48010 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061 | One Time Password | CWE-288 | 9.8 | Critical | 2025-05-21 |
| CVE-2025-48009 | Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060 | Single Content Sync | CWE-862 | 9.8 | Critical | 2025-05-21 |
| CVE-2025-4416 | Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059 | Events Log Track | CWE-770 | 6.5 | Medium | 2025-05-21 |
| CVE-2025-4415 | Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058 | Piwik PRO | CWE-79 | 6.1 | Medium | 2025-05-21 |
| CVE-2025-47710 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056 | Enterprise MFA - TFA for Drupal | CWE-288 | 9.8 | Critical | 2025-05-14 |
| CVE-2025-47709 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055 | Enterprise MFA - TFA for Drupal | CWE-862 | 6.5 | Medium | 2025-05-14 |
| CVE-2025-47708 | Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054 | Enterprise MFA - TFA for Drupal | CWE-352 | 8.8 | High | 2025-05-14 |
| CVE-2025-47707 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053 | Enterprise MFA - TFA for Drupal | CWE-288 | 9.8 | Critical | 2025-05-14 |
| CVE-2025-47706 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052 | Enterprise MFA - TFA for Drupal | CWE-294 | 9.8 | Critical | 2025-05-14 |
| CVE-2025-47705 | IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051 | IFrame Remove Filter | CWE-79 | 6.1 | Medium | 2025-05-14 |
| CVE-2025-47704 | Klaro Cookie & Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-050 | Klaro Cookie & Consent Management | CWE-79 | 6.1 | Medium | 2025-05-14 |
| CVE-2025-47703 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-049 | COOKiES Consent Management | CWE-79 | 6.1 | Medium | 2025-05-14 |
| CVE-2025-47702 | oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048 | oEmbed Providers | CWE-79 | 6.1 | Medium | 2025-05-14 |
| CVE-2025-47701 | Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047 | Restrict route by IP | CWE-352 | 8.8 | High | 2025-05-14 |

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.