Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-13268 | Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032 — Opigno | CWE-96 | 9.8 | - | 2025-01-09 |
| CVE-2024-13267 | Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031 — Opigno TinCan Question Type | CWE-96 | 9.8 | - | 2025-01-09 |
| CVE-2024-13266 | Responsive and off-canvas menu - Moderately critical - Access bypass - SA-CONTRIB-2024-030 — Responsive and off-canvas menu | CWE-863 | 7.5 | - | 2025-01-09 |
| CVE-2024-13265 | Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029 — Opigno Learning path | CWE-96 | 8.8 | - | 2025-01-09 |
| CVE-2024-13264 | Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028 — Opigno module | CWE-96 | 9.8 | - | 2025-01-09 |
| CVE-2024-13263 | Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027 — Opigno group manager | CWE-96 | 8.8 | - | 2025-01-09 |
| CVE-2024-13262 | View Password - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-026 — View Password | CWE-79 | 6.1 | - | 2025-01-09 |
| CVE-2024-13261 | Acquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025 — Acquia DAM | CWE-352 | 8.8 | - | 2025-01-09 |
| CVE-2024-13260 | Migrate queue importer - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-024 — Migrate queue importer | CWE-352 | 8.8 | - | 2025-01-09 |
| CVE-2024-13259 | Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023 — Image Sizes | CWE-201 | 9.1 | - | 2025-01-09 |
| CVE-2024-13258 | Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022 — Drupal REST & JSON API Authentication | CWE-863 | 8.2 | - | 2025-01-09 |
| CVE-2024-13257 | Commerce View Receipt - Moderately critical - Access bypass - SA-CONTRIB-2024-021 — Commerce View Receipt | CWE-863 | 7.5 | - | 2025-01-09 |
| CVE-2024-13256 | Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020 — Email Contact | CWE-1220 | 7.5 | - | 2025-01-09 |
| CVE-2024-13255 | RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019 — RESTful Web Services | CWE-202 | 5.3 | - | 2025-01-09 |
| CVE-2024-13254 | REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018 — REST Views | CWE-201 | 5.3 | - | 2025-01-09 |
| CVE-2024-13253 | Advanced PWA - Critical - Access bypass - SA-CONTRIB-2024-017 — Advanced PWA inc Push Notifications | CWE-863 | 8.2 | - | 2025-01-09 |
| CVE-2024-13252 | TacJS - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-016 — TacJS | CWE-79 | 6.1 | - | 2025-01-09 |
| CVE-2024-13251 | Registration role - Critical - Access bypass - SA-CONTRIB-2024-015 — Registration role | CWE-266 | 8.8 | - | 2025-01-09 |
| CVE-2024-13250 | Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014 — Drupal Symfony Mailer Lite | CWE-352 | 8.8 | - | 2025-01-09 |
| CVE-2024-13249 | Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-013 — Node Access Rebuild Progressive | CWE-282 | 8.1 | - | 2025-01-09 |
| CVE-2024-13248 | Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012 — Private content | CWE-266 | 6.3 | - | 2025-01-09 |
| CVE-2024-13247 | Coffee - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-011 — Coffee | CWE-79 | 6.1 | - | 2025-01-09 |
| CVE-2024-13246 | Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-010 — Node Access Rebuild Progressive | CWE-282 | 8.1 | - | 2025-01-09 |
| CVE-2024-13245 | CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009 — CKEditor 4 LTS - WYSIWYG HTML editor | CWE-79 | 6.1 | - | 2025-01-09 |
| CVE-2024-13244 | Migrate Tools - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-008 — Migrate Tools | CWE-352 | 8.8 | - | 2025-01-09 |
| CVE-2024-13243 | Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007 — Entity Delete Log | CWE-862 | 9.1 | - | 2025-01-09 |
| CVE-2024-13242 | Swift Mailer - Moderately critical - Access bypass - SA-CONTRIB-2024-006 — Swift Mailer (abandoned) | CWE-749 | 5.3 | - | 2025-01-09 |
| CVE-2024-13241 | Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005 — Open Social | CWE-285 | 5.3 | - | 2025-01-09 |
| CVE-2024-13240 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004 — Open Social | CWE-284 | 5.3 | - | 2025-01-09 |
| CVE-2024-13239 | Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003 — Two-factor Authentication (TFA) | CWE-1390 | 9.8 | - | 2025-01-09 |

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.