Known Vulnerabilities for products from Drupal

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Drupal".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-9082 json		Not Provided	2026-05-20	2026-05-22
CVE-2026-8495 json		Not Provided	2026-05-19	2026-05-20
CVE-2026-8493 json		Not Provided	2026-05-19	2026-05-20
CVE-2026-8492 json		Not Provided	2026-05-19	2026-05-20
CVE-2026-8491 json		Not Provided	2026-05-19	2026-05-20
CVE-2026-6871 json		Not Provided	2026-05-19	2026-05-20
CVE-2026-6816 json		Not Provided	2026-05-28	2026-05-29
CVE-2026-6367 json	Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allo...	Not Provided	2026-05-19	2026-05-20
CVE-2026-6366 json	Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Obj...	Not Provided	2026-05-19	2026-05-20
CVE-2026-6365 json	Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allo...	Not Provided	2026-05-19	2026-05-20
CVE-2025-31675 json	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allo...	Not Provided	2025-03-31	2026-04-02
CVE-2024-22362 json		7.5 - HIGH	2024-01-16	2024-01-23
CVE-2023-31250 json	The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining a...	6.5 - MEDIUM	2023-04-26	2023-05-05
CVE-2023-5256 json	In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensiti...	7.5 - HIGH	2023-09-28	2023-10-05
CVE-2022-39261 json	Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an i...	7.5 - HIGH	2022-09-28	2023-11-07
CVE-2022-31160 json	jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prio...	6.1 - MEDIUM	2022-07-20	2023-11-07
CVE-2022-31043 json	Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information....	7.5 - HIGH	2022-06-10	2023-07-24
CVE-2022-31042 json	Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On...	7.5 - HIGH	2022-06-10	2023-07-24
CVE-2022-29248 json	Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. Th...	8.1 - HIGH	2022-05-25	2023-07-21
CVE-2022-26493 json	Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization by...	8.8 - HIGH	2022-06-03	2022-07-03

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Drupal

Type	Vendor	Product	Version
Application	Drupal	Activity	6.x-1.x
Application	Drupal	Authenticated User Page Caching	7.x-1.0
Application	Drupal	Data	6.x-1.0
Application	Drupal	Drupal	-
Application	Drupal	Quick Tabs	6.x-2.0
Application	Drupal	Realname	6.x-1.2
Application	Drupal	Restful	7.x-1.0
Application	Drupal	Svg Sanitizer	7.x-1.0
Application	Drupal	Views Builk Operations	6.x-1.0
Application	Drupal	Views Dynamic Field	6.x-1.0
Application	Drupal	Web Links	4.7.x