drupal/core vulnerabilities

Drupal is an open source content management platform powering millions of websites and applications.

Latest version: 8.6.16

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the drupal/core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • M
Authentication Bypass
<8.5.15,>=8.6.0, <8.6.16 Not available 18 Apr, 2019
  • M
Arbitrary Code Execution
<8.5.15,>=8.6.0, <8.6.15 Not available 18 Apr, 2019
  • M
Cross-site Scripting (XSS)
<8.5.15,>=8.6.0, <8.6.15 Not available 18 Apr, 2019
  • M
Cross-site Scripting (XSS)
>=7.0, <7.65,>=8.5, <8.5.14,>=8.6, <8.6.13 Not available 26 Mar, 2019
  • M
Cross-site Scripting (XSS)
>=7.0, <7.65,>=8.0.0, <8.5.14,>=8.6.0, <8.6.13 Not available 21 Mar, 2019
  • H
Remote Code Execution (RCE)
<8.5.11,>=8.6.0, <8.6.10 Not available 22 Feb, 2019
  • H
Arbitrary Code Execution
>=7.0.0, <7.6.2,>=8.5.0, <8.5.9,>=8.6.0, <8.6.6 Not available 04 Feb, 2019
  • H
Remote Code Execution
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Remote Code Execution
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Open Redirect
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Access Restriction Bypass
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Open Redirect
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Open Redirect
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Arbitrary Code Execution
<7.59,>=8.0, <8.4.8,>=8.5.0, <8.5.3 Not available 10 May, 2018
  • M
Cross-site Scripting (XSS)
>=8.0.0, <8.4.7,>=8.5.0, <8.5.2 Not available 10 May, 2018
  • M
Cross-site Scripting (XSS)
<8.4.7,>=8.5.0, <8.5.2 Not available 02 May, 2018
  • H
Arbitrary Code Execution
<7.58,>=8.0, <8.3.9,>=8.4.0, <8.4.6,>=8.5.0, <8.5.1 Not available 02 Apr, 2018
  • M
Cross-site Scripting (XSS)
>=7.0,<7.57,>=8.0,<8.4.5 Not available 06 Mar, 2018
  • M
Cross-site Scripting (XSS)
>=7.0.0,<7.57,>=8.0.0,<8.4.0 Not available 06 Mar, 2018
  • M
Access Restriction Bypass
>=8.0, <8.4.5 Not available 05 Mar, 2018
  • M
Link Injection
>=7.0, <7.57 Not available 05 Mar, 2018
  • M
Access Restriction Bypass
>=7.0, <7.57 Not available 05 Mar, 2018
  • H
Information Exposure
>=8.4.0, <8.4.5 Not available 05 Mar, 2018
  • H
Access Restriction Bypass
>=8.4, <8.4.5 Not available 05 Mar, 2018
  • M
Authentication Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • M
Access Restriction Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • M
Access Restriction Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • H
Deserialization of Untrusted Data
>=8, <8.3.4 Not available 21 Jun, 2017
  • M
Arbitrary File Upload
>=8, <8.3.4 Not available 21 Jun, 2017
  • M
Information Exposure
>=7, <7.56,>=8, <8.3.4 Not available 21 Jun, 2017