Software Detail
Drupal
Number Of NVD 249 (CRITICAL 12, HIGH 57, MEDIUM 158, LOW 22)
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v3
  • Open source
  • GPL v2

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
21 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
22 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
23 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
24 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
25 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
26 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
27 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
No: 21
CVSS3: 7.5
CVSS2: 4.3
Level: HIGH
Attack Vector: Network
Title: Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API modul…
CWE: NVD-CWE-Other
CVE: CVE-2020-13677
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.1.0, 8.0.0
less than: 9.2.6, 9.1.13, 8.9.19
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 22
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which come…
CWE: CWE-863 Incorrect Authorization
CVE: CVE-2020-13676
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.1.0, 8.9.0
less than: 9.2.6, 9.1.13, 8.9.19
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 23
CVSS3: 9.8
CVSS2: 7.5
Level: CRITICAL
Attack Vector: Network
Title: Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker migh…
CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
CVE: CVE-2020-13675
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.1.0, 8.0.0
less than: 9.2.6, 9.1.13, 8.9.19
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 24
CVSS3: 6.5
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affe…
CWE: CWE-352 Origin Validation Error
CVE: CVE-2020-13674
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.1.0, 8.9.0
less than: 9.2.6, 9.1.13, 8.9.19
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 25
CVSS3: 6.1
CVSS2: 2.6
Level: MEDIUM
Attack Vector: Network
Title: Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions pr…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2020-13672
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.1.0, 9.0.0, 8.9.0
less than: 9.1.7, 9.0.12, 8.9.14, 7.80
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 26
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the I…
CWE: CWE-668 Exposure of Resource to Wrong Sphere
CVE: CVE-2020-13670
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.0.0, 8.9.0, 8.8.0
less than: 9.0.6, 8.9.6, 8.8.10
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 27
CVSS3: 6.1
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2020-13669
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.0.0, 8.9.0, 8.8.0
less than: 9.0.6, 8.9.6, 8.8.10
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 28
CVSS3: 6.1
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2020-13668
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.0.0, 8.9.0, 8.8.0
less than: 9.0.6, 8.9.6, 8.8.10
Update date: 2024-11-21 14:01
Published date: 2022-02-12
No: 29
CVSS3: 5.4
CVSS2: 3.5
Level: MEDIUM
Attack Vector: Network
Title: CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerab…
CWE: -
CVE: CVE-2021-41165
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.1.0, 8.9.0
less than: 9.2.9, 9.1.14, 8.9.20
Update date: 2024-11-21 15:25
Published date: 2021-11-18
No: 30
CVSS3: 5.4
CVSS2: 3.5
Level: MEDIUM
Attack Vector: Network
Title: CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Th…
CWE: -
CVE: CVE-2021-41164
cpe23Uri: cpe:2.3:a:drupal:drupal:*:*
or higher: 9.2.0, 9.1.0, 8.9.0
less than: 9.2.9, 9.1.14, 8.9.20
Update date: 2024-11-21 15:25
Published date: 2021-11-18