Information on source package drupal7

Available versions

| Release | Version |
|---|---|
| jessie | 7.32-1+deb8u19 |
| stretch | 7.52-2+deb9u18 |

Open issues

| Bug | jessie | stretch | Description |
|---|---|---|---|
| CVE-2024-22362 | vulnerable | vulnerable | Drupal contains a vulnerability with improper handling of structural e ... |
| CVE-2023-31250 | vulnerable | vulnerable | The file download facility doesn't sufficiently sanitize file paths in ... |
| CVE-2023-5256 | vulnerable | vulnerable | In certain scenarios, Drupal's JSON:API module will output error backt ... |
| CVE-2022-25275 | vulnerable | vulnerable | In some situations, the Image module does not correctly check access t ... |
| CVE-2022-25271 | vulnerable | fixed | Drupal core's form API has a vulnerability where certain contributed o ... |
| CVE-2021-41183 | vulnerable | fixed | jQuery-UI is the official jQuery user interface library. Prior to vers ... |
| CVE-2021-41182 | vulnerable | fixed | jQuery-UI is the official jQuery user interface library. Prior to vers ... |
| CVE-2021-32610 | vulnerable | fixed | In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ... |
| CVE-2020-36193 | vulnerable | fixed | Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ... |
| CVE-2020-28949 | vulnerable | fixed | Archive_Tar through 1.4.10 has :// filename sanitization only to addre ... |
| CVE-2020-28948 | vulnerable | fixed | Archive_Tar through 1.4.10 allows an unserialization attack because ph ... |
| CVE-2020-13672 | vulnerable | fixed | Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization ... |
| CVE-2020-13671 | vulnerable | fixed | Drupal core does not properly sanitize certain filenames on uploaded f ... |
| CVE-2020-13666 | vulnerable | fixed | Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ... |
| CVE-2016-7103 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ... |
| CVE-2010-5312 | vulnerable | fixed | Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ... |

Open unimportant issues

| Bug | jessie | stretch | Description |
|---|---|---|---|
| CVE-2007-6752 | vulnerable | vulnerable | Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and ear ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0911337-06D812 | Injection in DefaultMailSystem::mail() |
| TEMP-0911336-06ADE0 | External URL injection through URL aliases |
| CVE-2022-25278 | Under certain circumstances, the Drupal core form API evaluates form e ... |
| CVE-2022-25277 | Drupal core sanitizes filenames with dangerous extensions upon upload ... |
| CVE-2022-25276 | The Media oEmbed iframe route does not properly validate the iframe do ... |
| CVE-2022-25274 | Drupal 9.3 implemented a generic entity access API for entity revision ... |
| CVE-2022-25273 | Drupal core's form API has a vulnerability where certain contributed o ... |
| CVE-2020-13688 | Cross-site scripting vulnerability in l Drupal Core allows an attacker ... |
| CVE-2020-13665 | Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ... |
| CVE-2020-13664 | Arbitrary PHP code execution vulnerability in Drupal Core under certai ... |
| CVE-2020-13663 | Cross Site Request Forgery vulnerability in Drupal Core Form API does ... |
| CVE-2020-13662 | Open Redirect vulnerability in Drupal Core allows a user to be tricked ... |
| CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ... |
| CVE-2020-11022 | In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ... |
| CVE-2019-11831 | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ... |
| CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ... |
| CVE-2019-10911 | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ... |
| CVE-2019-10910 | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ... |
| CVE-2019-10909 | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ... |
| CVE-2019-6342 | An access bypass vulnerability exists when the experimental Workspaces ... |
| CVE-2019-6341 | In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.1 ... |
| CVE-2019-6340 | Some field types do not properly sanitize data from non-form sources i ... |
| CVE-2019-6339 | In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ... |
| CVE-2019-6338 | In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ... |
| CVE-2018-7602 | A remote code execution vulnerability exists within multiple subsystem ... |
| CVE-2018-7600 | Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x be ... |
| CVE-2017-6932 | Drupal core 7.x versions before 7.57 has an external link injection vu ... |
| CVE-2017-6929 | A jQuery cross site scripting vulnerability is present when making Aja ... |
| CVE-2017-6928 | Drupal core 7.x versions before 7.57 when using Drupal's private file ... |
| CVE-2017-6927 | Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 ... |
| CVE-2017-6922 | In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; P ... |
| CVE-2016-9452 | The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote a ... |
| CVE-2016-9451 | Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ... |
| CVE-2016-9450 | The user password reset form in Drupal 8.x before 8.2.3 allows remote ... |
| CVE-2016-9449 | The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ... |
| CVE-2016-7572 | The system.temporary route in Drupal 8.x before 8.1.10 does not proper ... |
| CVE-2016-7571 | Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 a ... |
| CVE-2016-7570 | Drupal 8.x before 8.1.10 does not properly check for "Administer comme ... |
| CVE-2016-6211 | The User module in Drupal 7.x before 7.44 allows remote authenticated ... |
| CVE-2016-3171 | Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ... |
| CVE-2016-3170 | The "have you forgotten your password" links in the User module in Dru ... |
| CVE-2016-3169 | The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows r ... |
| CVE-2016-3168 | The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might ... |
| CVE-2016-3167 | Open redirect vulnerability in the drupal_goto function in Drupal 6.x ... |
| CVE-2016-3166 | CRLF injection vulnerability in the drupal_set_header function in Drup ... |
| CVE-2016-3165 | The Form API in Drupal 6.x before 6.38 ignores access restrictions on ... |
| CVE-2016-3164 | Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might al ... |
| CVE-2016-3163 | The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might ... |
| CVE-2016-3162 | The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows ... |
| CVE-2015-7943 | Open redirect vulnerability in the Overlay module in Drupal 7.x before ... |
| CVE-2015-6665 | Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ... |
| CVE-2015-6661 | Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to ... |
| CVE-2015-6660 | The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not pr ... |
| CVE-2015-6659 | SQL injection vulnerability in the SQL comment filtering system in the ... |
| CVE-2015-6658 | Cross-site scripting (XSS) vulnerability in the Autocomplete system in ... |
| CVE-2015-3234 | The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows ... |
| CVE-2015-3233 | Open redirect vulnerability in the Overlay module in Drupal 7.x before ... |
| CVE-2015-3232 | Open redirect vulnerability in the Field UI module in Drupal 7.x befor ... |
| CVE-2015-3231 | The Render cache system in Drupal 7.x before 7.38, when used to cache ... |
| CVE-2015-2750 | Open redirect vulnerability in URL-related API functions in Drupal 6.x ... |
| CVE-2015-2749 | Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7 ... |
| CVE-2015-2559 | Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated ... |
| CVE-2014-9016 | The password hashing API in Drupal 7.x before 7.34 and the Secure Pass ... |
| CVE-2014-9015 | Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to ... |
| CVE-2014-5267 | modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 ... |
| CVE-2014-5266 | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... |
| CVE-2014-5265 | The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ... |
| CVE-2014-5022 | Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal ... |
| CVE-2014-5021 | Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ... |
| CVE-2014-5020 | The File module in Drupal 7.x before 7.29 does not properly check perm ... |
| CVE-2014-5019 | The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 al ... |
| CVE-2014-3704 | The expandArguments function in the database abstraction API in Drupal ... |
| CVE-2014-2983 | Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate t ... |
| CVE-2014-1476 | The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an e ... |
| CVE-2014-1475 | The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ... |
| CVE-2013-6389 | Open redirect vulnerability in the Overlay module in Drupal 7.x before ... |
| CVE-2013-6388 | Cross-site scripting (XSS) vulnerability in the Color module in Drupal ... |
| CVE-2013-6387 | Cross-site scripting (XSS) vulnerability in the Image module in Drupal ... |
| CVE-2013-6386 | Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand functi ... |
| CVE-2013-6385 | The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used ... |
| CVE-2013-1887 | Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ... |
| CVE-2013-0316 | The Image module in Drupal 7.x before 7.20 allows remote attackers to ... |
| CVE-2013-0246 | The Image module in Drupal 7.x before 7.19, when a private file system ... |
| CVE-2013-0245 | The printer friendly version functionality in the Book module in Drupa ... |
| CVE-2013-0244 | Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ... |
| CVE-2012-5653 | The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 ... |
| CVE-2012-5651 | Drupal 6.x before 6.27 and 7.x before 7.18 displays information for bl ... |
| CVE-2012-4554 | The OpenID module in Drupal 7.x before 7.16 allows remote OpenID serve ... |
| CVE-2012-4553 | Drupal 7.x before 7.16 allows remote attackers to obtain sensitive inf ... |
| CVE-2012-2922 | The request_path function in includes/bootstrap.inc in Drupal 7.14 and ... |
| CVE-2012-2153 | Drupal 7.x before 7.14 does not properly restrict access to nodes in a ... |
| CVE-2012-1591 | The image module in Drupal 7.x before 7.14 does not properly check per ... |
| CVE-2012-1590 | The forum list in Drupal 7.x before 7.14 does not properly check user ... |
| CVE-2012-1589 | Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 ... |
| CVE-2012-1588 | Algorithmic complexity vulnerability in the _filter_url function in th ... |
| CVE-2012-0827 | The File module in Drupal 7.x before 7.11, when using unspecified fiel ... |
| CVE-2012-0826 | Cross-site request forgery (CSRF) vulnerability in the Aggregator modu ... |
| CVE-2012-0825 | Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attrib ... |
| CVE-2011-2726 | An access bypass issue was found in Drupal 7.x before version 7.5. If ... |
| CVE-2011-2687 | Drupal 7.x before 7.3 allows remote attackers to bypass intended node_ ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-2925-1 | drupal7 - security update |
| DLA-2889-1 | drupal7 - security update |
| DLA-2721-1 | drupal7 - security update |
| DLA-2637-1 | drupal7 - security update |
| DLA-2530-1 | drupal7 - security update |
| DLA-2466-1 | drupal7 - security update |
| DLA-2458-1 | drupal7 - security update |
| DLA-2263-1 | drupal7 - security update |
| DSA-4706-1 | drupal7 - security update |
| DLA-2250-1 | drupal7 - security update |
| DSA-4693-1 | drupal7 - security update |
| DLA-1797-1 | drupal7 - security update |
| DSA-4445-1 | drupal7 - security update |
| DSA-4434-1 | drupal7 - security update |
| DLA-1746-1 | drupal7 - security update |
| DSA-4412-1 | drupal7 - security update |
| DLA-1685-1 | drupal7 - security update |
| DLA-1659-1 | drupal7 - security update |
| DSA-4370-1 | drupal7 - security update |
| DLA-1550-1 | drupal7 - security update |
| DSA-4323-1 | drupal7 - security update |
| DLA-1365-1 | drupal7 - security update |
| DSA-4180-1 | drupal7 - security update |
| DSA-4156-1 | drupal7 - security update |
| DLA-1325-1 | drupal7 - security update |
| DLA-1295-1 | drupal7 - security update |
| DSA-4123-1 | drupal7 - security update |
| DLA-1004-1 | drupal7 - security update |
| DSA-3897-1 | drupal7 - security update |
| DLA-715-1 | drupal7 - security update |
| DSA-3718-1 | drupal7 - security update |
| DLA-550-1 | drupal7 - security update |
| DLA-548-1 | drupal7 - security update |
| DSA-3604-1 | drupal7 - security update |
| DSA-3498-1 | drupal7 - security update |
| DSA-3346-1 | drupal7 - security update |
| DSA-3291-1 | drupal7 - security update |
| DSA-3200-1 | drupal7 - security update |
| DSA-3075-1 | drupal7 - security update |
| DSA-3051-1 | drupal7 - security update |
| DSA-2999-1 | drupal7 - security update |
| DSA-2983-1 | drupal7 - security update |
| DSA-2913-1 | drupal7 - security update |
| DSA-2847-1 | drupal7 - several |
| DSA-2804-1 | drupal7 - several |
