drupal/core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-9082Criticaldrupal/core: Drupal Core has a SQL Injection issueCVE-2026-6367Mediumdrupal/core: Drupal core allows Cross-Site Scripting (XSS)CVE-2026-6366Mediumdrupal/core: Drupal core allows Object InjectionCVE-2026-6365Mediumdrupal/core: Drupal core is Vulnerable to Cross-Site ScriptingCVE-2025-13081Mediumdrupal/core: Drupal core allows Object InjectionCVE-2025-13082Lowdrupal/core: Drupal core allows Content SpoofingCVE-2025-13080Lowdrupal/core: Drupal core allows Forceful BrowsingCVE-2025-13083Lowdrupal/core: Drupal core allows Exploiting Incorrectly Configured Access Control Security LevelsCVE-2025-3057Mediumdrupal/core: Drupal Core Potential Cross-Site Scripting (XSS) via Error MessagesCVE-2025-31675Lowdrupal/core: Drupal Core Cross-Site Scripting (XSS) VulnerabilityCVE-2025-31674Mediumdrupal/core: Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes…CVE-2025-31673Mediumdrupal/core: Drupal Core Vulnerable to Forceful BrowsingCVE-2024-55636Lowdrupal/core: Drupal core contains a potential PHP Object Injection vulnerabilityCVE-2024-55638Highdrupal/core: Drupal core contains a potential PHP Object Injection vulnerabilityCVE-2024-55637Highdrupal/core: Drupal core contains a potential PHP Object Injection vulnerabilityCVE-2024-55634Mediumdrupal/core: Drupal core Access bypassCVE-2024-12393Mediumdrupal/core: Drupal Core Cross-Site Scripting (XSS)CVE-2024-11941Highdrupal/core: Drupal core Denial of ServiceCVE-2024-11942Mediumdrupal/core: Drupal core vulnerable to improper error handlingCVE-2024-45440Mediumdrupal/drupal: Drupal Full Path DisclosureGHSA-VFGC-C76H-MWH4Mediumdrupal/core: Drupal core Cross-Site Scripting (XSS) vulnerabilitiesGHSA-GXXJ-G9V8-W28PHighdrupal/core: Drupal core Arbitrary PHP code executionGHSA-6GF6-24H2-66J4Mediumdrupal/core: Drupal core Open Redirect vulnerabilityGHSA-V273-J5HQ-26XPMediumdrupal/core: Drupal core uses a vulnerable Third-party library CKEditorGHSA-98H9-727M-44QVHighdrupal/core: Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar

Stop the waste.
Protect your environment with Kodem.