Drupal — Vulnerabilities & Security Advisories (295)

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-31689 | General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018 — General Data Protection Regulation | CWE-352 | 8.8 | - | 2025-03-31 |
| CVE-2025-31688 | Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017 — Configuration Split | CWE-352 | 8.8 | - | 2025-03-31 |
| CVE-2025-31687 | SpamSpan filter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-016 — SpamSpan filter | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2025-31686 | Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015 — Open Social | CWE-862 | 7.5 | - | 2025-03-31 |
| CVE-2025-31685 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014 — Open Social | CWE-862 | 7.5 | - | 2025-03-31 |
| CVE-2025-31684 | OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013 — OAuth2 Client | CWE-352 | 8.8 | - | 2025-03-31 |
| CVE-2025-31683 | Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012 — Google Tag | CWE-352 | 8.8 | - | 2025-03-31 |
| CVE-2025-31682 | Google Tag - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-011 — Google Tag | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2025-31681 | Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009 — Authenticator Login | CWE-862 | 7.5 | - | 2025-03-31 |
| CVE-2025-31680 | Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008 — Matomo Analytics | CWE-352 | 8.8 | - | 2025-03-31 |
| CVE-2025-31679 | Ignition Error Pages - Critical - Cross Site Scripting - SA-CONTRIB-2025-007 — Ignition Error Pages | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2025-31678 | AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004 — AI (Artificial Intelligence) | CWE-862 | 9.4 | - | 2025-03-31 |
| CVE-2025-31677 | AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003 — AI (Artificial Intelligence) | CWE-352 | 8.8 | - | 2025-03-31 |
| CVE-2025-31676 | Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-001 — Email TFA | CWE-1390 | 9.8 | - | 2025-03-31 |
| CVE-2025-31675 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 — Drupal core | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2025-31674 | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 — Drupal core | CWE-915 | 9.8 | - | 2025-03-31 |
| CVE-2025-31673 | Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002 — Drupal core | CWE-863 | 6.5 | - | 2025-03-31 |
| CVE-2025-3057 | Drupal core - Critical - Cross site scripting - SA-CORE-2025-001 — Drupal core | CWE-79 | 6.1 | - | 2025-03-31 |
| CVE-2024-13312 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076 — Open Social | CWE-862 | 7.5 | - | 2025-01-09 |
| CVE-2024-13311 | Allow All File Extensions for file fields - Critical - Unsupported - SA-CONTRIB-2024-075 — Allow All File Extensions for file fields | | 8.2 | - | 2025-01-09 |
| CVE-2024-13310 | Git Utilities for Drupal - Critical - Unsupported - SA-CONTRIB-2024-074 — Git Utilities for Drupal | | 9.1 | - | 2025-01-09 |
| CVE-2024-13309 | Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073 — Login Disable | CWE-287 | 8.2 | - | 2025-01-09 |
| CVE-2024-13308 | Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072 — Browser Back Button | CWE-79 | 6.1 | - | 2025-01-09 |
| CVE-2024-13305 | Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071 — Entity Form Steps | CWE-79 | 6.1 | - | 2025-01-09 |
| CVE-2024-13304 | Minify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070 — Minify JS | CWE-352 | 8.8 | - | 2025-01-09 |
| CVE-2024-13303 | Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069 — Download All Files | CWE-862 | 7.5 | - | 2025-01-09 |
| CVE-2024-13302 | Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068 — Pages Restriction Access | CWE-863 | 7.5 | - | 2025-01-09 |
| CVE-2024-13301 | OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067 — OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) | CWE-79 | 6.1 | - | 2025-01-09 |
| CVE-2024-13300 | Print Anything - Critical - Unsupported - SA-CONTRIB-2024-066 — Print Anything | | 8.2 | - | 2025-01-09 |
| CVE-2024-13299 | Megamenu Framework - Critical - Unsupported - SA-CONTRIB-2024-065 — Megamenu Framework | | 9.4 | - | 2025-01-09 |

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.