drupal/drupal vulnerabilities

Drupal is an open source content management platform powering millions of websites and applications.

Latest version: 8.7.0

Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications

Direct Vulnerabilities

Known vulnerabilities in the drupal/drupal package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable versions Snyk patch Published
  • M
Authentication Bypass
<8.5.15,>=8.6.0, <8.6.16 Not available 18 Apr, 2019
  • M
Arbitrary Code Execution
<8.5.15,>=8.6.0, <8.6.15 Not available 18 Apr, 2019
  • M
Cross-site Scripting (XSS)
<8.5.15,>=8.6.0, <8.6.15 Not available 18 Apr, 2019
  • M
Cross-site Scripting (XSS)
>=7.0, <7.65,>=8.0.0, <8.5.14,>=8.6.0, <8.6.13 Not available 21 Mar, 2019
  • H
Remote Code Execution (RCE)
<8.5.11,>=8.6.0, <8.6.10 Not available 22 Feb, 2019
  • H
Arbitrary Code Execution
>=7.0.0, <7.6.2,>=8.5.0, <8.5.9,>=8.6.0, <8.6.6 Not available 04 Feb, 2019
  • H
Remote Code Execution
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Remote Code Execution
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Open Redirect
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Access Restriction Bypass
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • M
Cross-site Scripting (XSS)
>=8.0.0, <8.4.7,>=8.5.0, <8.5.2 Not available 10 May, 2018
  • H
Arbitrary Code Execution
<7.59.0,>=8.0.0, <8.4.8,>=8.5.0, <8.5.3 Not available 10 May, 2018
  • H
Arbitrary Code Execution
>=0.0.0, <7.58,>=8.0.0, <8.3.9,>=8.4.0, <8.4.6,>=8.5.0, <8.5.1 Not available 31 Mar, 2018
  • M
Cross-site Scripting (XSS)
>=7.0.0, <7.57,>=8.0.0, <8.4.5 Not available 06 Mar, 2018
  • M
Cross-site Scripting (XSS)
>=7.0.0, <7.57,>=8.0.0, <8.4.0 Not available 06 Mar, 2018
  • M
Access Restriction Bypass
>=8.0, <8.4.5 Not available 06 Mar, 2018
  • M
Link Injection
>=7.0, <7.57 Not available 06 Mar, 2018
  • M
Access Restriction Bypass
>=7.0, <7.57 Not available 06 Mar, 2018
  • H
Information Exposure
>=8.4.0, <8.4.5 Not available 06 Mar, 2018
  • H
Access Restriction Bypass
>=8.4.0, <8.4.5 Not available 06 Mar, 2018
  • M
Authentication Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • M
Access Restriction Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • M
Access Restriction Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • H
Deserialization of Untrusted Data
>=8.0.0, <8.3.4 Not available 21 Jun, 2017
  • M
Arbitrary File Upload
>=8.0.0, <8.3.4 Not available 21 Jun, 2017
  • M
Information Exposure
>=7.0.0, <7.56,>=8.0.0, <8.3.4 Not available 21 Jun, 2017
  • H
Access Restriction Bypass
>=8.3.0, <8.3.1,<8.2.8 Not available 19 Apr, 2017
  • H
Access Restriction Bypass
>=8.0.0, <8.2.7 Not available 15 Mar, 2017
  • H
Cross-site Request Forgery (CSRF)
>=8.0.0, <8.2.7 Not available 15 Mar, 2017
  • H
Arbitrary Code Execution
>=8.0.0, <8.2.7 Not available 15 Mar, 2017