Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

Office Hours - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-032

Private - Critical - Access bypass - DRUPAL-SA-CONTRIB-2017-031

PRLP - Critical - Access Bypass and Privilege Escalation - SA-CONTRIB-2017-030

Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029

Breakpoint Panels - Critical - Unsupported - SA-CONTRIB-2017-028

  • Advisory ID: DRUPAL-SA-CONTRIB-2017-028
  • Project: breakpoint panels (third-party module)
  • Version: 7.x
  • Date: 2017-March-01

AES - Critical - Unsupported - SA-CONTRIB-2017-027

  • Advisory ID: DRUPAL-SA-CONTRIB-2017-027
  • Project: AES encryption (third-party module)
  • Version: 7.x, 8.x
  • Date: 2017-March-01

Location Map - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-026

Remember Me - Critical - Unsupported - SA-CONTRIB-2017-025

  • Advisory ID: DRUPAL-SA-CONTRIB-2017-025
  • Project: Remember Me (third-party module)
  • Version: 7.x
  • Date: 2017-March-01

RestWS - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-024

DownloadFile - Critical - Unsupported - SA-CONTRIB-2017-023

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects