Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Drupal:Drupal CorecoreOpen SocialEnterprise MFA - TFA for DrupalAI (Artificial Intelligence)COOKiES Consent ManagementTwo-factor Authentication (TFA)One Time PasswordAuthenticator LoginOpenID Connect / OAuth clientFacetsData-moduleKlaro Cookie & Consent ManagementAccess codeQuick Node BlockSimple KlaroGoogle TagEmail TFACivicTheme Design SystemAcquia DAMDrupalPOST FileParagraphs tableTagifyDrupal CanvasLogin DisableNode Access Rebuild ProgressiveMonster MenusFile Entity (fieldable files)File Access Fix (deprecated)
CVE IDTitleCVSSSeverityPublished
CVE-2024-13298 Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064 — Tarte au CitronCWE-79 6.1 -2025-01-09
CVE-2024-13297 Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063 — EloquaCWE-502 9.8 -2025-01-09
CVE-2024-13296 Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062 — MailjetCWE-502 9.8 -2025-01-09
CVE-2024-13295 Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061 — Node exportCWE-502 9.8 -2025-01-09
CVE-2024-13294 POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060 — POST FileCWE-79 6.1 -2025-01-09
CVE-2024-13293 POST File - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-059 — POST FileCWE-352 8.8 -2025-01-09
CVE-2024-13292 Tooltip - Moderately critical - Cross site scripting - SA-CONTRIB-2024-058 — TooltipCWE-79 6.1 -2025-01-09
CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057 — Basic HTTP AuthenticationCWE-863--2025-01-09
CVE-2024-13290 OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056 — OhDear IntegrationCWE-863 7.5 -2025-01-09
CVE-2024-13289 Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055 — Cookiebot + GTMCWE-79 6.1 -2025-01-09
CVE-2024-13288 Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052 — Monster MenusCWE-502 9.8 -2025-01-09
CVE-2024-13287 Views SVG Animation - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-051 — Views SVG AnimationCWE-79 6.1 -2025-01-09
CVE-2024-13286 SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050 — SVG EmbedCWE-79 6.1 -2025-01-09
CVE-2024-13285 wkhtmltopdf - Highly critical - Unsupported - SA-CONTRIB-2024-049 — wkhtmltopdf 9.8 -2025-01-09
CVE-2024-13284 Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048 — GutenbergCWE-352 8.8 -2025-01-09
CVE-2024-13283 Facets - Critical - Cross Site Scripting - SA-CONTRIB-2024-047 — FacetsCWE-79 6.1 -2025-01-09
CVE-2024-13282 Block permissions - Moderately critical - Access bypass - SA-CONTRIB-2024-046 — Block permissionsCWE-863 5.3 -2025-01-09
CVE-2024-13281 Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045 — Monster MenusCWE-863 7.5 -2025-01-09
CVE-2024-13280 Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044 — Persistent LoginCWE-613 9.1 -2025-01-09
CVE-2024-13279 Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043 — Two-factor Authentication (TFA)CWE-384 7.1 -2025-01-09
CVE-2024-13278 Diff - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-042 — DiffCWE-863 8.8 -2025-01-09
CVE-2024-13277 Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041 — Smart IP BanCWE-863 9.1 -2025-01-09
CVE-2024-13276 File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040 — File Entity (fieldable files)CWE-201 7.1 -2025-01-09
CVE-2024-13275 Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039 — Security KitCWE-843 7.5 -2025-01-09
CVE-2024-13274 Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038 — Open SocialCWE-799 9.8 -2025-01-09
CVE-2024-13273 Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037 — Open SocialCWE-79 6.1 -2025-01-09
CVE-2024-13272 Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036 — Paragraphs tableCWE-1220 4.3 -2025-01-09
CVE-2024-13271 Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035 — Content Entity CloneCWE-863 9.1 -2025-01-09
CVE-2024-13270 Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034 — FreelinkingCWE-863 7.5 -2025-01-09
CVE-2024-13269 Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033 — Advanced VarnishCWE-201 9.1 -2025-01-09

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.