Filter
-Infinity
0
Trending
Versions
7.0
89
6.0
77
5.0
56
7.0-alpha1
55
7.0-alpha2
55
7.0-alpha3
55
7.0-alpha4
55
7.0-alpha5
55
7.0-alpha6
55
7.0-alpha7
55
7.0-dev
55
7.1
55
7.2
55
6.1
54
6.2
54
7.10
54
6.3
52
7.3
52
7.4
52
7.0-beta1
51
7.0-beta2
51
7.0-beta3
51
7.0-rc1
51
7.0-rc2
51
7.0-rc3
51
7.0-rc4
51
7.11
51
7.12
51
7.5
50
7.6
50
7.7
50
7.8
50
7.9
50
6.4
47
7.14
46
6.5
45
7.13
45
6.0-beta2
43
6.0-beta3
43
6.0-beta4
43
6.10
43
6.6
43
6.0-beta1
42
6.11
41
6.7
41
6.8
41
7.15
41
6.12
40
6.14
40
6.9
40
Oracle REST Data ServicesJQuery Cross-Site Scripting (XSS) Vulnerability
First published (updated )
DrupalDrupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
7.5
EPSS
0.06%
First published (updated )
DrupalWEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030
6.5
EPSS
0.05%
First published (updated )
Drupal AIAI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
7.5
EPSS
0.19%
First published (updated )
composer/drupal/coreDrupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004
5.4
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/drupal/coreDrupal core - Moderately critical - Access bypass - SA-CORE-2025-002
4.6
EPSS
0.02%
First published (updated )
Oracle Financial Services Analytical Applications InfrastructureCross-site Scripting in CKEditor4
5.4
First published (updated )
Oracle Financial Services Analytical Applications InfrastructureRegular expression Denial of Service in dialog plugin
7.5
First published (updated )
composer/guzzlehttp/psr7Improper Input Validation in guzzlehttp/psr7
7.5
First published (updated )
composer/guzzlehttp/guzzleCross-domain cookie leakage in Guzzle
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
DrupalFailure to strip the Cookie header on change in host or HTTP downgrade in Guzzle
7.5
First published (updated )
DrupalFix failure to strip Authorization header on HTTP downgrade in Guzzle
7.5
First published (updated )
TwigTwig may load a template outside a configured directory when using the filesystem loader
7.5
First published (updated )
composer/drupal/corecore/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) …
First published (updated )
DrupalECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031
5.4
EPSS
0.01%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal AIAI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
6.6
EPSS
0.15%
First published (updated )
DrupalDrupal core - Critical - Cross site scripting - SA-CORE-2025-001
6.1
EPSS
0.03%
First published (updated )
Red Hat FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
First published (updated )
Red Hat FedoraPEAR Archive_Tar Improper Link Resolution Vulnerability
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Ubercart Currency ConversionSession fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x…
6.8
First published (updated )
Florian Weber SpacesThe Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly del…
2.1
First published (updated )
Drupallib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote a…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal Monster MenusThe Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comm…
2.6
First published (updated )
Google AuthenticatorThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal a…
First published (updated )
Google AuthenticatorThe Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal d…
First published (updated )
FilefieldThe FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not p…
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.