drupal
557 tracked vulnerabilities.
CVE-2020-13675
CRITICAL
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API and REST/File Modules
Feb 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-13674
MEDIUM
Drupal 8.9.0-8.9.18 - Cross-Site Request Forgery in QuickEdit Module
Feb 11, 2022
CVSS 6.5
EPSS 0.00
CVE-2020-13673
MEDIUM
Drupal Entity Embed - Cross-Site Request Forgery
Feb 11, 2022
CVSS 6.1
EPSS 0.00
CVE-2020-13672
MEDIUM
Drupal < 7.80, 8.9.x < 8.9.14, 9.0.x < 9.0.12, 9.1.x < 9.1.7 - Cross-Site Scripting in Sanitization API
Feb 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-13670
HIGH
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Unauthenticated Information Disclosure in File Module
Feb 11, 2022
CVSS 7.5
EPSS 0.01
CVE-2020-13669
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting in CKEditor
Feb 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-13668
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting via Form HTML Rendering
Feb 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-13663
HIGH
Drupal 7.0-7.71 and 8.9.0 - Cross-Site Request Forgery in Form API
Jun 11, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-13688
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting in Form HTML Rendering
Jun 11, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-13667
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Access Bypass in Workspaces Module
May 17, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-13665
CRITICAL
Drupal Core <8.8.8, <8.9.1, <9.0.1 - Auth Bypass
May 05, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-13664
HIGH
Drupal Core 8.8.0-8.8.7, 8.9.0, 9.0.0 - Remote Code Execution via Malicious Directory Creation
May 05, 2021
CVSS 8.8
EPSS 0.03
CVE-2020-13662
MEDIUM
Drupal Core < 7.70 - Open Redirect via Crafted URL
May 05, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-13666
MEDIUM
Drupal Core < 7.73, 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting via AJAX API JSONP
May 05, 2021
CVSS 6.1
EPSS 0.03
CVE-2020-36193
HIGH
KEV
Archive_Tar < 1.4.11 - Path Traversal via Symbolic Link Handling
Jan 18, 2021
CVSS 7.5
EPSS 0.71
CVE-2020-35191
CRITICAL
Drupal Docker <8.5.10-fpm-alpine - Privilege Escalation
Dec 17, 2020
CVSS 9.8
EPSS 0.05
CVE-2020-13671
HIGH
KEV
Drupal Core < 7.74, 8.8.11, 8.9.9, 9.0.8 - Unrestricted Upload of File with Dangerous Type
Nov 20, 2020
CVSS 8.8
EPSS 0.04
CVE-2020-28949
HIGH
KEV
Archive_Tar <1.4.10 - Code Injection
Nov 19, 2020
CVSS 7.8
EPSS 0.85
CVE-2020-28948
HIGH
Archive_Tar < 1.4.11 - Deserialization of Untrusted Data via PHAR Case Bypass
Nov 19, 2020
CVSS 7.8
EPSS 0.47
CVE-2020-11022
MEDIUM
jQuery 1.12.0-3.4.1 - Cross-Site Scripting via DOM Manipulation Methods
Apr 29, 2020
CVSS 6.9
EPSS 0.99
CVE-2020-11023
MEDIUM
KEV
jQuery <3.5.0 - XSS
Apr 29, 2020
CVSS 6.9
EPSS 0.84
CVE-2020-9281
MEDIUM
CKEditor 4.0-4.13 - Cross-Site Scripting via Protected Comment Injection
Mar 07, 2020
CVSS 6.1
EPSS 0.04
CVE-2019-6342
CRITICAL
Drupal 8.7.4 - Access Bypass via Workspaces Module
May 28, 2020
CVSS 9.8
EPSS 0.02
CVE-2019-19826
CRITICAL
Drupal Views Dynamic Fields <= 7.x-1.0-alpha4 - PHP Object Injection via Insecure Unserialize
Dec 16, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-18856
HIGH
Drupal SVG Sanitizer <= 8.x-1.0-alpha1 - Denial of Service via SVG Use Element
Nov 11, 2019
CVSS 7.5
EPSS 0.01
Products
drupal 274
core 95
Drupal core 10
core-recommended 6
project_issue_tracking_module 6
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
AI (Artificial Intelligence) 3
Drupal Canvas 3
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
AI Agents 2
Advanced Content Feedback (aka admin_feedback) 2
Anti-Spam by CleanTalk 2
File Access Fix (deprecated) 2
FlowDrop 2
Login Disable 2
Paragraphs 2
SAML SSO - Service Provider 2
Tagify 2
activity 2
ajax_checklist 2
artificial_intelligence 2
Quick Filters