Drupal Drupal Core
41 CVEs affecting Drupal Drupal Core. Latest disclosed: 2026-05-20. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-9082 | Critical | 9.8 | 2026-05-20 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affe… |
| CVE-2017-6381 | High | 8.1 | 2017-03-16 | A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htac… |
| CVE-2017-6379 | High | 7.5 | 2017-03-16 | Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This… |
| CVE-2017-6377 | High | 7.5 | 2017-03-16 | When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an… |
| CVE-2026-6366 | Medium | 6.6 | 2026-05-19 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects… |
| CVE-2026-6367 | Medium | 6.1 | 2026-05-19 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). Th… |
| CVE-2026-6365 | Medium | 6.1 | 2026-05-19 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). Th… |
| CVE-2025-13083 | | | 2025-11-18 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security… |
| CVE-2025-13082 | | | 2025-11-18 | User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from… |
| CVE-2025-13081 | | | 2025-11-18 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects D… |
| CVE-2025-13080 | | | 2025-11-18 | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 be… |
| CVE-2025-31675 | | | 2025-03-31 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This… |
| CVE-2025-31674 | | | 2025-03-31 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects D… |
| CVE-2025-31673 | | | 2025-03-31 | Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 bef… |
| CVE-2025-3057 | | | 2025-03-31 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This… |
| CVE-2024-55638 | | | 2024-12-09 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before… |
| CVE-2024-55637 | | | 2024-12-09 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 b… |
| CVE-2024-55636 | | | 2024-12-09 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 b… |
| CVE-2024-55635 | | | 2024-12-09 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This… |
| CVE-2024-55634 | | | 2024-12-09 | A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 be… |