drupal/drupal vulnerabilities

Drupal is an open source content management platform powering millions of websites and applications.

Latest version: 8.6.5

View on Packagist.org
Continuously find & fix vulnerabilities like these in your dependencies. Test and protect your applications
Vulnerability Vulnerable versions Snyk patch Published
  • H
Remote Code Execution
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Remote Code Execution
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Open Redirect
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • H
Access Restriction Bypass
>=7.0.0, <7.60,>=8.0.0, <8.5.8,>=8.6.0, <8.6.2 Not available 22 Oct, 2018
  • M
Cross-site Scripting (XSS)
>=8.0.0, <8.4.7,>=8.5.0, <8.5.2 Not available 10 May, 2018
  • H
Arbitrary Code Execution
<7.59, >=8.0.0,<8.4.8, >=8.5.0,<8.5.3 Not available 10 May, 2018
  • H
Arbitrary Code Execution
>=0, <7.58,>=8.0, <8.3.9,>=8.4.0, <8.4.6,>=8.5.0, <8.5.1 Not available 31 Mar, 2018
  • M
Cross-site Scripting (XSS)
>=7.0, <7.57, >=8.0, <8.4.5 Not available 06 Mar, 2018
  • M
Cross-site Scripting (XSS)
>=7.0.0, <7.57,>=8.0.0, <8.4.0 Not available 06 Mar, 2018
  • M
Access Restriction Bypass
>=8.0, <8.4.5 Not available 06 Mar, 2018
  • M
Link Injection
>=7.0, <7.57 Not available 06 Mar, 2018
  • M
Access Restriction Bypass
>=7.0, <7.57 Not available 06 Mar, 2018
  • H
Information Exposure
>=8.4.0, <8.4.5 Not available 06 Mar, 2018
  • H
Access Restriction Bypass
>=8.4.0, <8.4.5 Not available 06 Mar, 2018
  • M
Authentication Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • M
Access Restriction Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • M
Access Restriction Bypass
>=8.0, <8.3.7 Not available 16 Aug, 2017
  • H
Deserialization of Untrusted Data
>=8, <8.3.4 Not available 21 Jun, 2017
  • M
Arbitrary File Upload
>=8, <8.3.4 Not available 21 Jun, 2017
  • M
Information Exposure
>=7, <7.56,>=8, <8.3.4 Not available 21 Jun, 2017
  • H
Access Restriction Bypass
>=8.3, <8.3.1,<8.2.8 Not available 19 Apr, 2017
  • H
Access Restriction Bypass
>=8, <8.2.7 Not available 15 Mar, 2017
  • H
Cross-site Request Forgery (CSRF)
>=8, <8.2.7 Not available 15 Mar, 2017
  • H
Arbitrary Code Execution
>=8, <8.2.7 Not available 15 Mar, 2017
  • M
Information Exposure
>=8, <8.2.3 Not available 16 Nov, 2016
  • H
Cache Poisoning
>=8, <8.2.3 Not available 16 Nov, 2016
  • M
Denial of Service (DoS)
>=8, <8.2.3 Not available 16 Nov, 2016
  • M
Access Restriction Bypass
>=8, <8.1.10 Not available 21 Sep, 2016
  • M
Cross-site Scripting (XSS)
>=8, <8.1.10 Not available 21 Sep, 2016
  • M
Access Restriction Bypass
>=8, <8.1.10 Not available 21 Sep, 2016