Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Drupal Number Of NVD 254 CRITICAL 12 HIGH 57 MEDIUM 162 LOW 23
URL https://www.drupal.org/
Explanation Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • オープンソース

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
71 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 5 1
72 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 23 1
73 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 39 1
74 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 68 8
75 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 61 14
76 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 43 8
77 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 37 7
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
71 9.8
7.5
CRITICAL
Network
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file opera… CWE-20
 Improper Input Validation 
CVE-2019-6339 cpe:2.3:a:drupal:drupal:*:* 7.0
8.5.0
8.6.0




7.62
8.5.9
8.6.6
2024-11-21 13:46
2019-01-23
Show GitHub Exploit DB Packet Storm
72 6.5
4.0
MEDIUM
Network
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visi… CWE-552
 Files or Directories Accessible to External Parties
CVE-2017-6922 cpe:2.3:a:drupal:drupal:*:* 8.0.0
7.0


8.3.4
7.56
2024-11-21 12:30
2019-01-23
Show GitHub Exploit DB Packet Storm
73 8.0
6.0
HIGH
Network
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which … CWE-502
 Deserialization of Untrusted Data
CVE-2019-6338 cpe:2.3:a:drupal:drupal:*:* 7.0
8.5.0
8.6.0




7.62
8.5.9
8.6.6
2024-11-21 13:46
2019-01-22
Show GitHub Exploit DB Packet Storm
74 5.9
4.3
MEDIUM
Network
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) modu… CWE-20
 Improper Input Validation 
CVE-2017-6921 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.3.4 2024-11-21 12:30
2019-01-16
Show GitHub Exploit DB Packet Storm
75 7.4
5.8
HIGH
Network
In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comme… CWE-269
 Improper Privilege Management
CVE-2017-6924 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.3.7 2024-11-21 12:30
2019-01-16
Show GitHub Exploit DB Packet Storm
76 9.8
7.5
CRITICAL
Network
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entit… NVD-CWE-noinfo
CVE-2017-6925 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.3.7 2024-11-21 12:30
2019-01-16
Show GitHub Exploit DB Packet Storm
77 9.8
7.5
CRITICAL
Network
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. CWE-19
 Data Processing Errors
CVE-2017-6920 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.3.4 2024-11-21 12:30
2018-08-7
Show GitHub Exploit DB Packet Storm
78 6.5
4.0
MEDIUM
Network
An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … NVD-CWE-noinfo
CVE-2018-14773 cpe:2.3:a:drupal:drupal:*:* 8.0.0 8.5.6 2024-11-21 12:49
2018-08-4
Show GitHub Exploit DB Packet Storm
79 9.8
7.5
CRITICAL
Network
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could resul… NVD-CWE-noinfo
CVE-2018-7602 cpe:2.3:a:drupal:drupal:*:* 8.4.0
8.5.0
7.0




8.4.8
8.5.3
7.59
2024-11-21 13:12
2018-07-20
Show GitHub Exploit DB Packet Storm
80 6.1
4.3
MEDIUM
Network
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8… CWE-79
Cross-site Scripting
CVE-2018-9861 cpe:2.3:a:drupal:drupal:*:* 8.5.0
8.0.0


8.5.2
8.4.7
2024-11-21 13:15
2018-04-20
Show GitHub Exploit DB Packet Storm