Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Drupal Number Of NVD 254 CRITICAL 12 HIGH 57 MEDIUM 162 LOW 23
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v3
  • オープンソース
  • GPL v2

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
251 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 5 1
252 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 23 1
253 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 39 1
254 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 68 8
255 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 61 14
256 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 43 8
257 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 37 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
251 -
7.5
HIGH Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2… CWE-94
Code Injection
CVE-2005-1921 cpe:2.3:a:drupal:drupal:*:* 4.6.0


4.6.2
4.5.4
2024-02-15 00:41
2005-07-5
Show GitHub Exploit DB Packet Storm
252 -
7.5
HIGH Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not impl… NVD-CWE-Other
CVE-2005-1871 cpe:2.3:a:drupal:drupal:4.6.0:*
cpe:2.3:a:drupal:drupal:4.5.2:*
cpe:2.3:a:drupal:drupal:4.5.1:*
cpe:2.3:a:drup…
2016-10-18 12:23
2005-06-9
Show GitHub Exploit DB Packet Storm
253 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs. NVD-CWE-Other
CVE-2005-0682 cpe:2.3:a:drupal:drupal:4.5.1:*
cpe:2.3:a:drupal:drupal:4.5.0:*
cpe:2.3:a:drupal:drupal:4.4.2:*
cpe:2.3:a:drup…
2008-09-6 05:47
2005-05-2
Show GitHub Exploit DB Packet Storm
254 -
4.3
MEDIUM Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. NVD-CWE-Other
CVE-2002-1806 cpe:2.3:a:drupal:drupal:4.0.0:* 2008-09-6 05:31
2002-12-31
Show GitHub Exploit DB Packet Storm