SecAlerts
CVE ListPricingSign Up
drupal logo

drupal

Security Risk Profile

40
/100
medium

Security Risk Score

Comprehensive risk assessment based on 1000 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from July 9, 2008 to present

1000
Total CVEs
215
Critical+High
12
Exploited
79
Unpatched

Threat Assessment

Avg CVSS
5.5
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
79
Critical/High
Risk Level
40/100
medium
⚠️ 12 Active Exploits📈 14 in Last 30 Days

Severity Distribution

Critical
76
High
139
Medium
545
Low
200

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
1
<5%
89

Age Distribution

Common Weaknesses (CWE)

1
XSS
407
2
CSRF
82
3
SQL Injection
33
4
Infoleak
32
5
Input Validation
28

Most Affected Products

1. Drupal Drupal5438
2. Ubercart Ubercart478
3. composer/drupal/core260
4. SpeedTech Storm222
5. composer/drupal/drupal197

Recent Vulnerabilities

See more →
CVE-2026-6816
CVSS 5.1medium

TFA Basic Plugins - Access Bypass

5/28/2026🔧 No Patch
CVE-2026-5343
CVSS 7.4high

SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

5/28/2026🔧 No Patch
bleepingcomputer-20260526084645
unknown

CISA orders feds to patch actively exploited Drupal vulnerability

5/26/2026⚠ Exploited🔧 No Patch
https://reddit.com/r/cybersecurity/comments/1tlitj2/drupal_core_sql_injection_flaw_actively_exploited/
unknown

Drupal Core SQL injection flaw actively exploited less than 48 hours after patch. 15,000 attack attempts already recorded across 6,000 sites

5/23/2026🔧 No Patch
bleepingcomputer-20260522131440
unknown

Drupal: Critical SQL injection flaw now targeted in attacks

5/22/2026⚠ Exploited🔧 No Patch
CVE-2026-4093
CVSS 5.1medium

Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

5/21/2026🔧 No Patch
https://reddit.com/r/netsec/comments/1tjnwy1/keys_to_the_kingdom_anonymous_sql_injection_in/
unknown

Keys to the Kingdom: Anonymous SQL Injection in Drupal Core (CVE-2026-9082)

5/21/2026🔧 No Patch
CVE-2026-9082
CVSS 9.8EPSS 10%critical

Drupal Core SQL Injection Vulnerability

5/20/2026⚠ Exploited
SA-CORE-2026-004
CVSS 9.0critical
5/20/2026
CVE-2026-8495
CVSS 9.8EPSS 0%critical

Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

5/19/2026🔧 No Patch

Monitor drupal in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

drupal Security Vulnerabilities & Risk Score | 1000 CVEs | SecAlerts - SecAlerts