Software Detail
Drupal Number Of NVD: 248 (CRITICAL 11, HIGH 57, MEDIUM 158, LOW 22)
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
221 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 0 1 1 0
222 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 2 20 19 0
223 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 10 29 35 0
224 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
225 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
226 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
227 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
221 -
6.5
MEDIUM The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input … NVD-CWE-noinfo
CVE-2007-0626 cpe:2.3:a:drupal:drupal:*:*
5.0

4.7.0
4.7.6
5.1
2026-04-23 09:35
2007-02-1
222 -
4.3
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) … CWE-79
Cross-site Scripting
CVE-2007-0136 cpe:2.3:a:drupal:drupal:*:* 4.6.0
4.7.0


4.6.11
4.7.5
2026-04-23 09:35
2007-01-9
223 -
3.5
LOW Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified… NVD-CWE-Other
CVE-2007-0124 cpe:2.3:a:drupal:drupal:4.7:*
cpe:2.3:a:drupal:drupal:4.7.4:*
cpe:2.3:a:drupal:drupal:4.7.3:*
cpe:2.3:a:drupal…
2026-04-23 09:35
2007-01-9
224 -
6.8
MEDIUM Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted … NVD-CWE-Other
CVE-2006-5475 cpe:2.3:a:drupal:drupal:4.7.3:*
cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drup…
2026-04-23 09:35
2006-10-25
225 -
7.5
HIGH Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vecto… NVD-CWE-Other
CVE-2006-5476 cpe:2.3:a:drupal:drupal:4.7.3:*
cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drup…
2026-04-23 09:35
2006-10-25
226 -
2.6
LOW Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. NVD-CWE-Other
CVE-2006-5477 cpe:2.3:a:drupal:drupal:4.7.3:*
cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drup…
2026-04-23 09:35
2006-10-25
227 -
5.1
MEDIUM Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vec… NVD-CWE-Other
CVE-2006-4120 cpe:2.3:a:drupal:drupal:4.5:*
cpe:2.3:a:drupal:drupal:4.5.7:*
cpe:2.3:a:drupal:drupal:4.5.6:*
cpe:2.3:a:drupal…
4.6 2017-07-20 10:32
2006-08-15
228 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: … NVD-CWE-Other
CVE-2006-4002 cpe:2.3:a:drupal:drupal:4.7.2:*
cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drupal:drupal:4.7.0:*
cpe:2.3:a:drup…
2017-07-20 10:32
2006-08-8
229 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspeci… NVD-CWE-Other
CVE-2006-3570 cpe:2.3:a:drupal:drupal:4.7:*
cpe:2.3:a:drupal:drupal:4.6:*
2017-07-20 10:32
2006-07-13
230 -
7.5
HIGH Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute ar… NVD-CWE-Other
CVE-2006-2831 cpe:2.3:a:drupal:drupal:4.7.1:*
cpe:2.3:a:drupal:drupal:4.7.0:*
cpe:2.3:a:drupal:drupal:4.6:*
cpe:2.3:a:drupal…
2018-10-19 01:43
2006-06-6