drupal/core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2017-6932Mediumdrupal/core: Drupal external link injection vulnerabilityCVE-2017-6927Mediumdrupal/core: Drupal cross-site scripting vulnerabilityCVE-2017-6926Highdrupal/core: Drupal Comment reply form allows access to restricted contentCVE-2017-6920Criticaldrupal/core: Drupal PECL YAML parser unsafe object handlingCVE-2018-7600Criticaldrupal/core: Drupal Core Remote Code Execution VulnerabilityCVE-2018-9861Mediumdrupal/core: Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)CVE-2017-6919Highdrupal/core: Drupal access control bypass vulnerabilityCVE-2017-6931Mediumdrupal/core: Drupal Settings Tray access bypassCVE-2017-6928Mediumdrupal/core: Drupal access bypass vulnerabilityCVE-2017-6925Criticaldrupal/core: Drupal Entity access bypass for entities that do not have UUIDs or have protected revisionsCVE-2017-6930Highdrupal/core: Drupal access bypass vulnerabilityCVE-2017-6381Highdrupal/core: Drupal Remote code executionCVE-2017-6377Highdrupal/core: Drupal editor module incorrectly checks access to inline private filesCVE-2017-6924Highdrupal/core: Drupal REST API can bypass comment approvalCVE-2017-6921Mediumdrupal/core: Drupal file REST resource does not properly validateCVE-2017-6922Mediumdrupal/core: Drupal core access bypass vulnerabilityCVE-2019-6340Highdrupal/core: Drupal Core Remote Code Execution VulnerabilityCVE-2011-2715Criticaldrupal/core: Drupal SQL Injection vulnerabilityCVE-2011-2714Mediumdrupal/core: Drupal Cross-Site Scripting vulnerabilityCVE-2016-5385Highguzzlehttp/guzzle: HTTP Proxy header vulnerabilityCVE-2022-25271Highdrupal/core: Improper input validation in Drupal coreCVE-2022-25270Mediumdrupal/core: Incorrect authorization in Drupal coreCVE-2020-13669Mediumdrupal/core: Drupal core Cross-site Scripting (XSS) vulnerability in ckeditorCVE-2020-13668Mediumdrupal/core: Cross-site Scripting in Drupal CoreCVE-2020-13670Highdrupal/core: Exposure of Resource to Wrong Sphere in Drupal Core

Stop the waste.
Protect your environment with Kodem.