Vulnerability Database

317,182

Total vulnerabilities in the database

Vulnerabilities for products matching "drupal"

Found 1 matching product.

You can search for specific versions with /product/drupal/1.2.3

Composer icon

drupal / drupal

282 vulnerabilities found
Title Severity Exploit Date Affected Version
CVE-2025-13082
Low November 18, 2025 11/18/25
>= 8.0.0 < 10.4.9
>= 10.5.0 < 10.5.6
>= 11.0.0 < 11.1.9
>= 11.2.0 < 11.2.8
CVE-2025-13083
Low November 18, 2025 11/18/25
>= 8.0.0 < 10.4.9
>= 10.5.0 < 10.5.6
>= 11.0.0 < 11.1.9
>= 11.2.0 < 11.2.8
CVE-2025-13080
Medium November 18, 2025 11/18/25
>= 8.0.0 < 10.4.9
>= 10.5.0 < 10.5.6
>= 11.0.0 < 11.1.9
>= 11.2.0 < 11.2.8
CVE-2025-13081
Medium November 18, 2025 11/18/25
>= 8.0.0 < 10.4.9
>= 10.5.0 < 10.5.6
>= 11.0.0 < 11.1.9
>= 11.2.0 < 11.2.8
CVE-2025-3057
Medium April 1, 2025 4/1/25
>= 10.4.0 < 10.4.3
>= 11.0.0 < 11.0.12
>= 11.1.0 < 11.1.3
>= 8.0.0 < 10.3.13
CVE-2025-31674
Medium April 1, 2025 4/1/25
>= 10.4.0 < 10.4.3
>= 11.0.0 < 11.0.12
>= 11.1.0 < 11.1.3
>= 8.0.0 < 10.3.13
CVE-2025-31675
Low April 1, 2025 4/1/25
>= 10.4.0 < 10.4.5
>= 11.0.0 < 11.0.13
>= 11.1.0 < 11.1.5
>= 8.0.0 < 10.3.14
CVE-2025-31673
Medium April 1, 2025 4/1/25
>= 10.4.0 < 10.4.3
>= 11.0.0 < 11.0.12
>= 11.1.0 < 11.1.3
>= 8.0.0 < 10.3.13
CVE-2024-55638
Critical December 10, 2024 12/10/24
>= 10.3.0 < 10.3.9
>= 7.0 < 7.102
>= 8.0.0 < 10.2.11
CVE-2024-55637
Critical December 10, 2024 12/10/24
>= 10.3.0 < 10.3.9
>= 8.0.0 < 10.2.11
>= 11.0.0 < 11.0.8
CVE-2024-55636
Critical December 10, 2024 12/10/24
>= 10.3.0 < 10.3.9
>= 8.0.0 < 10.2.11
>= 11.0.0 < 11.0.8
CVE-2024-55635
Medium December 10, 2024 12/10/24
>= 7.0 < 7.102
CVE-2024-55634
High December 10, 2024 12/10/24
>= 10.3.0 < 10.3.9
>= 8.0.0 < 10.2.11
>= 11.0.0 < 11.0.8
CVE-2024-12393
Medium December 10, 2024 12/10/24
>= 10.3.0 < 10.3.9
>= 11.0.0 < 11.0.8
>= 8.8.0 < 10.2.11
CVE-2024-11942
Medium December 5, 2024 12/5/24
>= 10.0.0 < 10.2.10
CVE-2024-11941
High December 5, 2024 12/5/24
>= 10.2.0 < 10.2.2
>= 8.0.0 < 10.1.8
CVE-2024-45440
Medium August 29, 2024 8/29/24
== 2023-05-09
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
Medium May 15, 2024 5/15/24
>= 8.0.0 < 8.9.16
>= 9.0.0 < 9.1.12
>= 9.2.0 < 9.2.4
Drupal core Arbitrary PHP code execution
High May 15, 2024 5/15/24
>= 7.0.0 < 7.75
>= 8.0.0 < 8.8.12
>= 8.9.0 < 8.9.10
>= 9.0.0 < 9.0.9
Drupal core uses a vulnerable Third-party library CKEditor
Medium May 15, 2024 5/15/24
>= 8.0.0 < 8.7.12
>= 8.8.0 < 8.8.4
Drupal core Open Redirect vulnerability
Medium May 15, 2024 5/15/24
>= 7.0.0 < 7.70
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
High May 15, 2024 5/15/24
>= 7.0.0 < 7.69
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
Drupal core Access control bypass
Medium May 15, 2024 5/15/24
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
Drupal core Denial of Service
Medium May 15, 2024 5/15/24
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
Drupal core Remote Code Execution
Critical May 15, 2024 5/15/24
>= 7.0 < 7.60
>= 8.0.0 < 8.5.8
>= 8.6.0 < 8.6.2
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical May 15, 2024 5/15/24
>= 8.0.0 < 8.5.8
>= 8.6.0 < 8.6.2
Drupal Malicious file upload with filenames stating with dot
Medium May 15, 2024 5/15/24
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
Drupal Anonymous Open Redirect
Medium May 15, 2024 5/15/24
>= 8.0.0 < 8.5.8
>= 8.6.0 < 8.6.2
Drupal Content moderation Access bypass
Medium May 15, 2024 5/15/24
>= 8.0.0 < 8.5.8
>= 8.6.0 < 8.6.2
Drupal External URL injection through URL aliases leading to Open Redirect
Medium May 15, 2024 5/15/24
>= 7.0 < 7.60
>= 8.0.0 < 8.5.8
>= 8.6.0 < 8.6.2
CVE-2024-22362
High January 16, 2024 1/16/24
== 9.3.6
CVE-2023-5256
High September 28, 2023 9/28/23
>= 10.0.0 < 10.0.11
>= 10.1.0 < 10.1.4
>= 8.7.0 < 9.5.11
CVE-2023-31250
Medium April 26, 2023 4/26/23
>= 10.0 < 10.0.8
>= 7.0 < 7.96
>= 9.4 < 9.4.14
>= 9.5 < 9.5.8
CVE-2022-25276
Medium April 26, 2023 4/26/23
>= 9.3.0 < 9.3.19
>= 9.4.0 < 9.4.3
CVE-2022-25278
Medium April 26, 2023 4/26/23
>= 8.0.0 < 9.3.19
>= 9.4.0 < 9.4.3
CVE-2022-25277
High April 26, 2023 4/26/23
>= 8.0.0 < 9.3.19
>= 9.4.0 < 9.4.3
CVE-2022-25275
High April 26, 2023 4/26/23
>= 7.0 < 7.91
>= 8.0.0 < 9.3.19
>= 9.4.0 < 9.4.3
CVE-2022-25274
Medium April 26, 2023 4/26/23
>= 9.3.0 < 9.3.12
CVE-2022-25273
High April 26, 2023 4/26/23
>= 8.0.0 < 9.2.18
>= 9.3.0 < 9.3.12
CVE-2022-39261
High September 28, 2022 9/28/22
>= 8.0.0 < 9.3.22
>= 9.4.0 < 9.4.7
CVE-2022-31042
High June 10, 2022 6/10/22
>= 9.2.0 < 9.2.21
>= 9.3.0 < 9.3.16
== 9.4.0-alpha1
== 9.4.0-beta1
== 9.4.0-rc1
CVE-2022-31043
High June 10, 2022 6/10/22
>= 9.2.0 < 9.2.21
>= 9.3.0 < 9.3.16
== 9.4.0-alpha1
== 9.4.0-beta1
== 9.4.0-rc1
CVE-2022-29248
High May 25, 2022 5/25/22
>= 9.2.0 < 9.2.20
>= 9.3.0 < 9.3.14
CVE-2022-24775
High March 21, 2022 3/21/22
>= 8.0.0 < 9.2.16
>= 9.3.0 < 9.3.9
CVE-2022-24729
Medium March 16, 2022 3/16/22
>= 8.0.0 < 9.2.15
>= 9.3.0 < 9.3.8
CVE-2022-24728
Medium March 16, 2022 3/16/22
>= 8.0.0 < 9.2.15
>= 9.3.0 < 9.3.8
CVE-2022-25270
Medium February 17, 2022 2/17/22
>= 9.2.0 < 9.2.13
>= 9.3.0 < 9.3.6
CVE-2022-25271
High February 16, 2022 2/16/22
>= 7.0.0 < 7.88
>= 9.2.0 < 9.2.13
>= 9.3.0 < 9.3.6
CVE-2020-13668
Medium February 11, 2022 2/11/22
>= 8.8.0 < 8.8.10
>= 8.9.0 < 8.9.6
>= 9.0.0 < 9.0.6
CVE-2020-13669
Medium February 11, 2022 2/11/22
>= 9.0.0 < 9.0.6
>= 8.9.0 < 8.9.6
>= 8.8.0 < 8.8.10