Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Drupal Number Of NVD 254 CRITICAL 12 HIGH 57 MEDIUM 162 LOW 23
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v3
  • オープンソース
  • GPL v2

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
21 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 5 1
22 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 23 1
23 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 39 1
24 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 68 8
25 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 61 14
26 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 43 8
27 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 37 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
21 7.5
5.0
HIGH
Network
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values… - CVE-2022-24775 cpe:2.3:a:drupal:drupal:*:* 9.3.0
8.0.0


9.3.9
9.2.16
2024-11-21 15:51
2022-03-22
Show GitHub Exploit DB Packet Storm
22 7.5
5.0
HIGH
Network
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog inp… CWE-1333
 Inefficient Regular Expression Complexity
CVE-2022-24729 cpe:2.3:a:drupal:drupal:*:* 9.3.0
8.0.0


9.3.8
9.2.15
2024-11-21 15:50
2022-03-17
Show GitHub Exploit DB Packet Storm
23 5.4
3.5
MEDIUM
Network
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to ver… CWE-79
Cross-site Scripting
CVE-2022-24728 cpe:2.3:a:drupal:drupal:*:* 9.3.0
8.0.0


9.3.8
9.2.15
2024-11-21 15:50
2022-03-17
Show GitHub Exploit DB Packet Storm
24 6.5
4.0
MEDIUM
Network
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not autho… CWE-863
 Incorrect Authorization
CVE-2022-25270 cpe:2.3:a:drupal:drupal:*:* 9.3.0
9.2.0


9.3.6
9.2.13
2024-11-21 15:51
2022-02-17
Show GitHub Exploit DB Packet Storm
25 7.5
4.3
HIGH
Network
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values … CWE-20
 Improper Input Validation 
CVE-2022-25271 cpe:2.3:a:drupal:drupal:*:* 9.3.0
9.2.0
7.0.0




9.3.6
9.2.13
7.88
2024-11-21 15:51
2022-02-17
Show GitHub Exploit DB Packet Storm
26 7.5
4.3
HIGH
Network
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API modul… NVD-CWE-Other
CVE-2020-13677 cpe:2.3:a:drupal:drupal:*:* 9.2.0
9.1.0
8.0.0




9.2.6
9.1.13
8.9.19
2024-11-21 14:01
2022-02-12
Show GitHub Exploit DB Packet Storm
27 6.5
4.0
MEDIUM
Network
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which come… CWE-863
 Incorrect Authorization
CVE-2020-13676 cpe:2.3:a:drupal:drupal:*:* 9.2.0
9.1.0
8.9.0




9.2.6
9.1.13
8.9.19
2024-11-21 14:01
2022-02-12
Show GitHub Exploit DB Packet Storm
28 9.8
7.5
CRITICAL
Network
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker migh… CWE-434
 Unrestricted Upload of File with Dangerous Type 
CVE-2020-13675 cpe:2.3:a:drupal:drupal:*:* 9.2.0
9.1.0
8.0.0




9.2.6
9.1.13
8.9.19
2024-11-21 14:01
2022-02-12
Show GitHub Exploit DB Packet Storm
29 6.5
4.3
MEDIUM
Network
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affe… CWE-352
 Origin Validation Error
CVE-2020-13674 cpe:2.3:a:drupal:drupal:*:* 9.2.0
9.1.0
8.9.0




9.2.6
9.1.13
8.9.19
2024-11-21 14:01
2022-02-12
Show GitHub Exploit DB Packet Storm
30 6.1
2.6
MEDIUM
Network
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions pr… CWE-79
Cross-site Scripting
CVE-2020-13672 cpe:2.3:a:drupal:drupal:*:* 9.1.0
9.0.0
8.9.0






9.1.7
9.0.12
8.9.14
7.80
2024-11-21 14:01
2022-02-12
Show GitHub Exploit DB Packet Storm