Software Detail
Drupal
Number Of NVD: 248 (CRITICAL 11, HIGH 57, MEDIUM 158, LOW 22)
URL: https://www.drupal.org/
Explanation: Drupal is an open source Content Management System (CMS). Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
11 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 0 1 1 0
12 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 2 20 19 0
13 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 10 29 35 0
14 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
15 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
16 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
17 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
11 CVE-2022-39261
CVSS3: 7.5 | CVSS2: - | Level: HIGH | Attack Vector: Network
Title: Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a us…
CWE: CWE-22 Path Traversal
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.4.0, 8.0.0
less than: 9.4.7, 9.3.22
Update date: 2024-11-21 16:17
Published date: 2022-09-28

12 CVE-2022-31043
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds w…
CWE: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
cpe23Uri: cpe:2.3:a:drupal:drupal:9.4.0:rc1, cpe:2.3:a:drupal:drupal:9.4.0:beta1, cpe:2.3:a:drupal:drupal:9.4.0:alpha1, cpe…
or higher: 9.3.0, 9.2.0
less than: 9.3.16, 9.2.21
Update date: 2024-11-21 16:03
Published date: 2022-06-10

13 CVE-2022-31042
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with…
CWE: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
cpe23Uri: cpe:2.3:a:drupal:drupal:9.4.0:rc1, cpe:2.3:a:drupal:drupal:9.4.0:beta1, cpe:2.3:a:drupal:drupal:9.4.0:alpha1, cpe…
or higher: 9.3.0, 9.2.0
less than: 9.3.16, 9.2.21
Update date: 2024-11-21 16:03
Published date: 2022-06-10

14 CVE-2022-29248
CVSS3: 8.1 | CVSS2: 5.8 | Level: HIGH | Attack Vector: Network
Title: Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the …
CWE: CWE-565 Reliance on Cookies without Validation and Integrity Checking
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.3.0
less than: 9.2.20, 9.3.14
Update date: 2024-11-21 15:58
Published date: 2022-05-26

15 CVE-2022-24775
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values…
CWE: -
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.3.0, 8.0.0
less than: 9.3.9, 9.2.16
Update date: 2024-11-21 15:51
Published date: 2022-03-22

16 CVE-2022-24729
CVSS3: 7.5 | CVSS2: 5.0 | Level: HIGH | Attack Vector: Network
Title: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog inp…
CWE: CWE-1333 Inefficient Regular Expression Complexity
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.3.0, 8.0.0
less than: 9.3.8, 9.2.15
Update date: 2024-11-21 15:50
Published date: 2022-03-17

17 CVE-2022-24728
CVSS3: 5.4 | CVSS2: 3.5 | Level: MEDIUM | Attack Vector: Network
Title: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to ver…
CWE: CWE-79 Cross-site Scripting
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.3.0, 8.0.0
less than: 9.3.8, 9.2.15
Update date: 2024-11-21 15:50
Published date: 2022-03-17

18 CVE-2022-25270
CVSS3: 6.5 | CVSS2: 4.0 | Level: MEDIUM | Attack Vector: Network
Title: The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are not autho…
CWE: CWE-863 Incorrect Authorization
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.3.0, 9.2.0
less than: 9.3.6, 9.2.13
Update date: 2024-11-21 15:51
Published date: 2022-02-17

19 CVE-2022-25271
CVSS3: 7.5 | CVSS2: 4.3 | Level: HIGH | Attack Vector: Network
Title: Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values …
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.3.0, 9.2.0, 7.0.0
less than: 9.3.6, 9.2.13, 7.88
Update date: 2024-11-21 15:51
Published date: 2022-02-17

20 CVE-2020-13677
CVSS3: 7.5 | CVSS2: 4.3 | Level: HIGH | Attack Vector: Network
Title: Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API modul…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.1.0, 8.0.0
less than: 9.2.6, 9.1.13, 8.9.19
Update date: 2024-11-21 14:01
Published date: 2022-02-12