Software Detail
Drupal Number Of NVD 249 CRITICAL 12 HIGH 57 MEDIUM 158 LOW 22
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
31 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
32 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
33 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
34 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
35 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
36 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
37 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri (or higher / or less / more than / less than) | Update date | Published date
31 CVSS3 6.1, CVSS2 4.3, MEDIUM, Network
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. T…
CWE: -, CVE: CVE-2021-41184
cpe:2.3:a:drupal:drupal:*:* 9.3.0 or higher, less than 9.3.3; 9.2.0 or higher, less than 9.2.11; 7.0 or higher, less than 7.86
Update date 2024-11-21 15:25, Published date 2021-10-27
32 CVSS3 6.1, CVSS2 4.3, MEDIUM, Network
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted …
CWE: -, CVE: CVE-2021-41183
cpe:2.3:a:drupal:drupal:*:* 9.3.0 or higher, less than 9.3.3; 9.2.0 or higher, less than 9.2.11; 7.0 or higher, less than 7.86
Update date 2024-11-21 15:25, Published date 2021-10-27
33 CVSS3 6.1, CVSS2 4.3, MEDIUM, Network
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted co…
CWE: -, CVE: CVE-2021-41182
cpe:2.3:a:drupal:drupal:*:* 7.0 or higher, less than 7.86
Update date 2024-11-21 15:25, Published date 2021-10-27
34 CVSS3 8.8, CVSS2 6.8, HIGH, Network
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
CWE: CWE-352 Origin Validation Error, CVE: CVE-2020-13663
cpe:2.3:a:drupal:drupal:*:* 9.0.0 or higher, less than 9.0.1; 8.9.0 or higher, less than 8.9.1; 8.8.0 or higher, less than 8.8.8; 7.0 or higher, less than 7.72
Update date 2024-11-21 14:01, Published date 2021-06-12
35 CVSS3 6.1, CVSS2 4.3, MEDIUM, Network
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupa…
CWE: CWE-79 Cross-site Scripting, CVE: CVE-2020-13688
cpe:2.3:a:drupal:drupal:*:* 9.0.0 or higher, less than 9.0.6; 8.9.0 or higher, less than 8.9.6; 8.8.0 or higher, less than 8.8.10
Update date 2024-11-21 14:01, Published date 2021-06-12
36 CVSS3 6.1, CVSS2 4.3, MEDIUM, Network
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted …
CWE: CWE-79 Cross-site Scripting, CVE: CVE-2021-33829
cpe:2.3:a:drupal:drupal:*:* 9.1.0 or higher, less than 9.1.9; 9.0.0 or higher, less than 9.0.14; 8.9.0 or higher, less than 8.9.16
Update date 2024-11-21 15:09, Published date 2021-06-9
37 CVSS3 5.3, CVSS2 4.3, MEDIUM, Network
Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switch…
CWE: CWE-276 Incorrect Default Permissions, CVE: CVE-2020-13667
cpe:2.3:a:drupal:drupal:*:* 9.0.0 or higher, less than 9.0.6; 8.9.0 or higher, less than 8.9.6; 8.8.0 or higher, less than 8.8.10
Update date 2024-11-21 14:01, Published date 2021-05-18
38 CVSS3 9.8, CVSS2 7.5, CRITICAL, Network
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issu…
CWE: NVD-CWE-noinfo, CVE: CVE-2020-13665
cpe:2.3:a:drupal:drupal:*:* 9.0.0 or higher, less than 9.0.1; 8.9.0 or higher, less than 8.9.1; 8.8.0 or higher, less than 8.8.8
Update date 2024-11-21 14:01, Published date 2021-05-6
39 CVSS3 8.8, CVSS2 9.3, HIGH, Network
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefull…
CWE: CWE-77 Command Injection, CVE: CVE-2020-13664
cpe:2.3:a:drupal:drupal:*:* 9.0.0 or higher, less than 9.0.1; 8.9.0 or higher, less than 8.9.1; 8.8.0 or higher, less than 8.8.8
Update date 2024-11-21 14:01, Published date 2021-05-6
40 CVSS3 6.1, CVSS2 5.8, MEDIUM, Network
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal…
CWE: CWE-601 Open Redirect, CVE: CVE-2020-13662
cpe:2.3:a:drupal:drupal:*:* 7.0 or higher, less than 7.70
Update date 2024-11-21 14:01, Published date 2021-05-6