Drupal Latest High Vulnerabilities

File Extension Bypass Vulnerability in Drupal by Acquia

CVE-2024-13311

DrupalAllow All File Extensi...7.3HIGH

Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

CVE-2023-5256

DrupalCore7.5HIGH

File Upload Vulnerability in Drupal Core by Acquia

CVE-2022-25277

DrupalCore7.2HIGH

Access Control Flaw in Drupal Image Module

CVE-2022-25275

DrupalCore7.5HIGH

Improper Input Validation in Drupal Core Forms Affecting Custom Modules

CVE-2022-25273

DrupalCore7.5HIGH

Improper Input Validation in Drupal Core's Form API Affecting User Data Security

CVE-2022-25271

DrupalCore7.5HIGH

Access Control Vulnerability in Drupal Core JSON:API by Drupal

CVE-2020-13677

DrupalCore7.5HIGH

Information Disclosure Vulnerability in Drupal Core File Module

CVE-2020-13670

DrupalCore7.5HIGH

Access Bypass Vulnerability in Drupal's JSON:API and REST/File Modules

CVE-2020-13675

DrupalCore9.8CRITICAL

Cross Site Request Forgery in Drupal Core Form API by Drupal

CVE-2020-13663

DrupalDrupal Core8.8HIGH

Arbitrary PHP Code Execution Vulnerability in Drupal Core by Drupal

CVE-2020-13664

DrupalDrupal Core8.8HIGH

Access Bypass Vulnerability in Drupal Core by Drupal

CVE-2020-13665

DrupalDrupal Core9.8CRITICAL

Docker Images with Default Root Password in Drupal by Drupal

CVE-2020-35191

DrupalDrupal Docker Images👾🟡9.8CRITICAL

File Upload Vulnerability in Drupal Core Affects Multiple Versions

CVE-2020-13671

DrupalDrupal Core👾EPSS 67%🦅8.8HIGH

Drupal core - Critical - Access bypass - SA-CORE-2019-008

CVE-2019-6342

DrupalDrupal Core9.8CRITICAL

SQL Injection Vulnerability in Drupal 6.x Products by Drupal

CVE-2011-2715

DrupalData-module9.8CRITICAL

Insecure Unserialize Vulnerability in Views Dynamic Fields Module for Drupal

CVE-2019-19826

DrupalViews Dynamic Field8.1HIGH

Access Bypass in Drupal 7.x Exposing File Attachments

CVE-2011-2726

drupal coredrupal core7.5HIGH

Denial of Service Vulnerability in SVG Sanitizer Module for Drupal

CVE-2019-18856

DrupalSvg Sanitizer7.5HIGH

Drupal core - Highly critical - Remote Code Execution

CVE-2019-6340

DrupalDrupal Core👾🟡EPSS 97%🦅8.1HIGH

PHAR stream wrapper Arbitrary PHP code execution

CVE-2019-6339

DrupalDrupal Core👾🟡EPSS 71%9.8CRITICAL

third-party PEAR Archive_Tar library updates

CVE-2019-6338

DrupalDrupal Core8HIGH

REST API can bypass comment approval - Access Bypass - Moderately Critical

CVE-2017-6924

DrupalDrupal Core7.4HIGH

Entity Access Vulnerability in Drupal 8 Core Versions

CVE-2017-6925

DrupalDrupal9.8CRITICAL

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004

CVE-2018-7602

DrupalCore💰👾🟡EPSS 96%🦅9.8CRITICAL

Vulnerability Published:

Sort By:

9 January 2025

File Extension Bypass Vulnerability in Drupal by Acquia

28 September 2023

Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

26 April 2023

File Upload Vulnerability in Drupal Core by Acquia

Access Control Flaw in Drupal Image Module

Improper Input Validation in Drupal Core Forms Affecting Custom Modules

16 February 2022

Improper Input Validation in Drupal Core's Form API Affecting User Data Security

11 February 2022

Access Control Vulnerability in Drupal Core JSON:API by Drupal

Information Disclosure Vulnerability in Drupal Core File Module

Access Bypass Vulnerability in Drupal's JSON:API and REST/File Modules

11 June 2021

Cross Site Request Forgery in Drupal Core Form API by Drupal

5 May 2021

Arbitrary PHP Code Execution Vulnerability in Drupal Core by Drupal

Access Bypass Vulnerability in Drupal Core by Drupal

17 December 2020

Docker Images with Default Root Password in Drupal by Drupal

20 November 2020

File Upload Vulnerability in Drupal Core Affects Multiple Versions

28 May 2020

Drupal core - Critical - Access bypass - SA-CORE-2019-008

14 January 2020

SQL Injection Vulnerability in Drupal 6.x Products by Drupal

16 December 2019

Insecure Unserialize Vulnerability in Views Dynamic Fields Module for Drupal

15 November 2019

Access Bypass in Drupal 7.x Exposing File Attachments

11 November 2019

Denial of Service Vulnerability in SVG Sanitizer Module for Drupal

21 February 2019

Drupal core - Highly critical - Remote Code Execution

22 January 2019

PHAR stream wrapper Arbitrary PHP code execution

third-party PEAR Archive_Tar library updates

15 January 2019

REST API can bypass comment approval - Access Bypass - Moderately Critical

Entity Access Vulnerability in Drupal 8 Core Versions

19 July 2018

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004