Software Detail
Drupal
Number of NVD: 249 (CRITICAL 12, HIGH 57, MEDIUM 158, LOW 22)
URL: https://www.drupal.org/
Explanation: Drupal is an open source Content Management System (CMS).
Compared to WordPress and Joomla, it is said to be faster in displaying pages.
Tag
  • GPL v2
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.drupal.org/download
2 https://www.drupal.org/project/drupal/releases
3 https://github.com/drupal/drupal
4 https://www.drupal.org/about/drupal6-eol
5 https://www.drupal.org/blog/drupal-7-8-and-9

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
81 Drupal 10 10.6.0-beta1 Nov. 25, 2025 Dec. 15, 2022 1 1 1 0
82 Drupal 9 9.5.11 Sept. 20, 2023 June 3, 2020 3 20 19 0
83 Drupal 8 8.9.20 Nov. 17, 2021 June 3, 2020 Nov. 30, 2021 11 29 35 0
84 Drupal 7 7.103 Dec. 4, 2024 Jan. 5, 2011 Nov. 30, 2021 4 18 64 7
85 Drupal 6 6.38 Feb. 24, 2016 Feb. 13, 2008 Feb. 24, 2016 2 10 57 13
86 Drupal 5 5.23 Aug. 11, 2010 Jan. 15, 2007 Jan. 6, 2011 1 5 39 7
87 Drupal 4 4.7.11 Jan. 10, 2008 June 15, 2002 Jan. 1, 1900 1 7 33 6
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date
81 8.1
5.5
HIGH
Network
In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this conte… CWE-200
Information Exposure
CVE-2017-6926 cpe:2.3:a:drupal:drupal:*:* (8.4.0 or higher, less than 8.4.5) 2024-11-21 12:30
2018-03-2
82 6.1
4.3
MEDIUM
Network
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in or… CWE-79
Cross-site Scripting
CVE-2017-6929 cpe:2.3:a:drupal:drupal:*:* (7.0 or higher, less than 7.57; 8.0.0 or higher, less than 8.4.0)
2024-11-21 12:30
2018-03-2
83 6.1
4.3
MEDIUM
Network
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (a… CWE-79
Cross-site Scripting
CVE-2017-6927 cpe:2.3:a:drupal:drupal:*:* (8.4.0 or higher, less than 8.4.5; 7.0 or higher, less than 7.57)
2024-11-21 12:30
2018-03-2
84 6.1
5.8
MEDIUM
Network
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote atta… CWE-601
Open Redirect
CVE-2015-7943 cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal:drupal:7.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 11:37
2017-10-19
85 4.3
4.0
MEDIUM
Network
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and … CWE-200
Information Exposure
CVE-2015-7880 cpe:2.3:a:drupal:drupal:7.x-1.4:*
cpe:2.3:a:drupal:drupal:7.x-1.3:*
cpe:2.3:a:drupal:drupal:7.x-1.2:*
cpe:2.3:…
2024-11-21 11:37
2017-09-14
86 6.1
5.8
MEDIUM
Network
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… CWE-601
Open Redirect
CVE-2015-2750 cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal:drupal:7.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 11:27
2017-09-14
87 6.1
5.8
MEDIUM
Network
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination pa… CWE-601
Open Redirect
CVE-2015-2749 cpe:2.3:a:drupal:drupal:7.9:*
cpe:2.3:a:drupal:drupal:7.8:*
cpe:2.3:a:drupal:drupal:7.7:*
cpe:2.3:a:drupal:dru…
2024-11-21 11:27
2017-09-14
88 7.5
6.0
HIGH
Network
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. NVD-CWE-noinfo
CVE-2017-6919 cpe:2.3:a:drupal:drupal:8.3.0:rc2
cpe:2.3:a:drupal:drupal:8.3.0:rc1
cpe:2.3:a:drupal:drupal:8.3.0:beta1
cpe:2.…
2024-11-21 12:30
2017-04-20
89 8.1
6.8
HIGH
Network
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, a… CWE-829
 Inclusion of Functionality from Untrusted Control Sphere
CVE-2017-6381 cpe:2.3:a:drupal:drupal:8.2.1:*
cpe:2.3:a:drupal:drupal:8.2.0:rc2
cpe:2.3:a:drupal:drupal:8.2.0:rc1
cpe:2.3:a:…
2024-11-21 12:29
2017-03-16
90 7.5
5.1
HIGH
Network
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that use… CWE-352
 Origin Validation Error
CVE-2017-6379 cpe:2.3:a:drupal:drupal:8.2.6:*
cpe:2.3:a:drupal:drupal:8.2.5:*
cpe:2.3:a:drupal:drupal:8.2.4:*
cpe:2.3:a:drup…
2024-11-21 12:29
2017-03-16