Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Drupal:Drupal CorecoreOpen SocialEnterprise MFA - TFA for DrupalAI (Artificial Intelligence)COOKiES Consent ManagementTwo-factor Authentication (TFA)One Time PasswordAuthenticator LoginOpenID Connect / OAuth clientFacetsData-moduleKlaro Cookie & Consent ManagementAccess codeQuick Node BlockSimple KlaroGoogle TagEmail TFACivicTheme Design SystemAcquia DAMDrupalPOST FileParagraphs tableTagifyDrupal CanvasLogin DisableNode Access Rebuild ProgressiveMonster MenusFile Entity (fieldable files)File Access Fix (deprecated)
CVE IDTitleCVSSSeverityPaused
CVE-2025-10927 Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107 — Plausible trackingCWE-79 6.1AIMediumAI2025-10-29
CVE-2025-10926 JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106 — JSON FieldCWE-79 6.1AIMediumAI2025-10-29
CVE-2025-9954 Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105 — Acquia DAMCWE-862 7.5AIHighAI2025-10-29
CVE-2025-9554 Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104 — Owl Carousel 2 8.2AIHighAI2025-10-10
CVE-2025-9553 API Key manager - Critical - Unsupported - SA-CONTRIB-2025-103 — API Key manager 8.2AIHighAI2025-10-10
CVE-2025-9552 Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102 — Synchronize composer.json With Contrib Modules 9.4AICriticalAI2025-10-10
CVE-2025-9551 Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101 — Protected PagesCWE-307 9.8AICriticalAI2025-10-10
CVE-2025-9550 Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100 — FacetsCWE-79 6.1AIMediumAI2025-10-10
CVE-2025-9549 Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099 — FacetsCWE-862 7.5AIHighAI2025-10-10
CVE-2025-8093 Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098 — Authenticator LoginCWE-288 9.8AICriticalAI2025-10-10
CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097 — Layout Builder Advanced PermissionsCWE-862--AI2025-08-15
CVE-2025-8995 Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096 — Authenticator LoginCWE-288 9.8AICriticalAI2025-08-15
CVE-2025-8675 AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095 — AI SEO Link AdvisorCWE-918 9.8AICriticalAI2025-08-15
CVE-2025-8362 GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094 — GoogleTag ManagerCWE-79 6.1AIMediumAI2025-08-15
CVE-2025-8361 Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093 — Config PagesCWE-962--AI2025-08-15
CVE-2025-8092 COOKiES Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-092 — COOKiES Consent ManagementCWE-79 6.1AIMediumAI2025-08-15
CVE-2025-7717 File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089 — File DownloadCWE-862 9.1 -2025-07-21
CVE-2025-7716 Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091 — Real-time SEO for DrupalCWE-79 6.1 -2025-07-21
CVE-2025-7715 Block Attributes - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-090 — Block AttributesCWE-79 6.1 -2025-07-21
CVE-2025-7392 Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087 — Cookies AddonsCWE-79 6.1 -2025-07-21
CVE-2025-7393 Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088 — Mail LoginCWE-307 9.8 -2025-07-21
CVE-2025-7031 Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086 — Config Pages ViewerCWE-306 9.1AICriticalAI2025-07-08
CVE-2025-7030 Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085 — Two-factor Authentication (TFA)CWE-267 8.1AIHighAI2025-07-08
CVE-2025-6677 Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084 — Paragraphs tableCWE-79 6.1AIMediumAI2025-06-26
CVE-2025-6676 Simple XML sitemap - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-083 — Simple XML sitemapCWE-79 6.1AIMediumAI2025-06-26
CVE-2025-6675 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082 — Enterprise MFA - TFA for DrupalCWE-288 9.8AICriticalAI2025-06-26
CVE-2025-6674 CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081 — CKEditor5 YoutubeCWE-79 6.1AIMediumAI2025-06-26
CVE-2025-5682 Klaro Cookie & Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-080 — Klaro Cookie & Consent ManagementCWE-79 6.1AIMediumAI2025-06-26
CVE-2025-48921 Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079 — Open SocialCWE-352 8.8AIHighAI2025-06-26
CVE-2025-48922 GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078 — GLightboxCWE-79 6.1AIMediumAI2025-06-26

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.