Software Detail
Drupal
Number of NVD: 249 (CRITICAL 12, HIGH 57, MEDIUM 158, LOW 22)
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
71 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
72 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
73 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
74 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
75 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
76 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
77 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher, or less, more than, less than) Update date Published date
71 9.8 7.5 CRITICAL Network
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entit… NVD-CWE-noinfo
CVE-2017-6925 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.3.7 2024-11-21 12:30 2019-01-16
72 9.8 7.5 CRITICAL Network
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. CWE-19 Data Processing Errors
CVE-2017-6920 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.3.4 2024-11-21 12:30 2018-08-7
73 6.5 4.0 MEDIUM Network
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … NVD-CWE-noinfo
CVE-2018-14773 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.5.6 2024-11-21 12:49 2018-08-4
74 9.8 7.5 CRITICAL Network
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could resul… NVD-CWE-noinfo
CVE-2018-7602 cpe:2.3:a:drupal:drupal:*:* 8.4.0/8.5.0/7.0 8.4.8/8.5.3/7.59 2024-11-21 13:12 2018-07-20
75 6.1 4.3 MEDIUM Network
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8… CWE-79 Cross-site Scripting
CVE-2018-9861 cpe:2.3:a:drupal:drupal:*:* 8.5.0/8.0.0 8.5.2/8.4.7 2024-11-21 13:15 2018-04-20
76 9.8 7.5 CRITICAL Network
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or co… CWE-20 Improper Input Validation
CVE-2018-7600 cpe:2.3:a:drupal:drupal:*:* 8.0.0/8.4.0/8.5.0/7.57 8.3.9/8.4.6/8.5.1 2024-11-21 13:12 2018-03-29
77 4.7 5.8 MEDIUM Network
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. T… CWE-601 Open Redirect
CVE-2017-6932 cpe:2.3:a:drupal:drupal:*:* 7.0 7.57 2024-11-21 12:30 2018-03-2
78 6.5 4.0 MEDIUM Network
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented… CWE-434 Unrestricted Upload of File with Dangerous Type
CVE-2017-6931 cpe:2.3:a:drupal:drupal:*:* 8.4.0 8.4.5 2024-11-21 12:30 2018-03-2
79 8.1 6.8 HIGH Network
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. Th… NVD-CWE-noinfo
CVE-2017-6930 cpe:2.3:a:drupal:drupal:*:* 8.4.0 8.4.5 2024-11-21 12:30 2018-03-2
80 5.3 3.5 MEDIUM Network
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fa… CWE-732 Incorrect Permission Assignment for Critical Resource
CVE-2017-6928 cpe:2.3:a:drupal:drupal:*:* 7.0 7.57 2024-11-21 12:30 2018-03-2