Where
AND
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how drupal compares to other vendors in security performance

View Risk Score →

Software

drupal
306
drupal drupal
139
drupal drupal core
5
drupal project issue tracking module
5
drupal enterprise mfa - tfa
3
drupal monster menus
3
drupal one time password
3
drupal project
3
drupal views
3
drupal aggregation module
2
drupal cookies consent management
2
drupal facets
2
drupal google tag
2
drupal imce module
2
drupal localization client
2
drupal node access rebuild progressive
2
drupal print
2
drupal print module
2
drupal views bulk operations
2
drupal access
1
drupal access code
1
drupal acidfree
1
drupal activity
1
drupal advanced varnish
1
drupal ai
1
drupal api key manager
1
drupal archive module
1
drupal at internet piano analytics
1
drupal atom module
1
drupal authenticated user page caching
1
drupal baguettebox.js
1
drupal bibliography module
1
drupal block class
1
drupal bootstrap site alert
1
drupal calculation fields
1
drupal canvas project drupal canvas drupal
1
drupal cck comment reference
1
drupal central authentication system (cas) server
1
drupal coffee
1
drupal comment mail
1
drupal comment upload module
1
drupal commerce
1
drupal commons
1
drupal configuration split
1
drupal content construction kit
1
drupal content entity clone
1
drupal cookiebot
1
drupal currency
1
drupal cvs management and tracker
1
drupal database administration module
1

Drupal Term Reference TreeStored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

Risk 32
Severity
5.1
First published (updated )
CVE-2026-4093

Drupal Drupal CoreDrupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Risk 38
Severity
6.1
First published (updated )
CVE-2026-6367

Drupal DrupalDrupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Risk 61
Severity
6.6
First published (updated )
CVE-2026-6366

Drupal DrupalDrupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Risk 38
Severity
6.1
First published (updated )
CVE-2026-6365

Drupal File (Field) PathsInformation disclosure via file URI overwrite in File (Field) Paths

Risk 33
Severity
6.9
First published (updated )
CVE-2026-1556
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Drupal OpenID Connect / OAuth clientOpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025

Risk 16
Severity
4.3
EPSS
0.03%
First published (updated )
CVE-2026-3530

Drupal Calculation FieldsCalculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

Risk 27
Severity
6.1
EPSS
0.03%
First published (updated )
CVE-2026-3528

Drupal SAML SSO - Service ProviderSAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018

Risk 38
Severity
6.1
First published (updated )
CVE-2026-3217

Drupal Drupal CanvasDrupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

Risk 26
Severity
5
First published (updated )
CVE-2026-3216

Jtenman Central Authentication System Server DrupalCentral Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

Risk 29
Severity
4.2
First published (updated )
CVE-2026-1554
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Bordeaux-metropole At Internet Piano Analytics DrupalAT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004

Risk 29
Severity
4.8
First published (updated )
CVE-2026-0947

Drupal Entity ShareEntity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123

Risk 27
Severity
5.3
First published (updated )
CVE-2025-13985

Drupal Mini siteMini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

Risk 34
Severity
5.4
First published (updated )
CVE-2025-13979

Drupal FlagXSS in Drupal 7 Flag Module

Risk 34
Severity
5.4
First published (updated )
CVE-2025-14556

Drupal Email TFAEmail TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115

Risk 34
Severity
5.4
First published (updated )
CVE-2025-12760
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

composer/drupal/coreDrupal core - Moderately critical - Defacement - SA-CORE-2025-007

Risk 22
Severity
4.3
First published (updated )
CVE-2025-13082

composer/drupal/coreDrupal core - Moderately critical - Gadget chain - SA-CORE-2025-006

Risk 45
Severity
5.9
First published (updated )
CVE-2025-13081

composer/drupal/coreDrupal core - Moderately critical - Denial of Service - SA-CORE-2025-005

Risk 27
Severity
5.3
First published (updated )
CVE-2025-13080

Drupal CivicTheme Design SystemCivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113

Risk 38
Severity
6.1
First published (updated )
CVE-2025-12083

Drupal Reverse Proxy HeaderReverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

Risk 27
Severity
5.3
First published (updated )
CVE-2025-10929
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Drupal CurrencyCurrency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Risk 40
Severity
6.5
First published (updated )
CVE-2025-10930

Drupal Access codeAccess code - Moderately critical - Access bypass - SA-CONTRIB-2025-108

Risk 46
Severity
6.3
First published (updated )
CVE-2025-10928

Drupal Plausible trackingPlausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107

Risk 38
Severity
6.1
First published (updated )
CVE-2025-10927

Drupal JSON FieldJSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106

Risk 38
Severity
6.1
First published (updated )
CVE-2025-10926

Drupal Owl Carousel 2Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104

Risk 19
Severity
5.3
EPSS
0.04%
First published (updated )
CVE-2025-9554
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Drupal API Key managerAPI Key manager - Critical - Unsupported - SA-CONTRIB-2025-103

Risk 19
Severity
5.3
EPSS
0.04%
First published (updated )
CVE-2025-9553

Drupal Synchronize composer.Json With Contrib ModulesSynchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102

Risk 19
Severity
5.3
EPSS
0.04%
First published (updated )
CVE-2025-9552

Drupal Protected PagesProtected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101

Risk 28
Severity
6.5
EPSS
0.06%
First published (updated )
CVE-2025-9551

Facets Project Facets DrupalFacets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100

Risk 27
Severity
6.1
EPSS
0.04%
First published (updated )
CVE-2025-9550

Drupal FacetsFacets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099

Risk 28
Severity
6.5
EPSS
0.04%
First published (updated )
CVE-2025-9549
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203