Security advisories for contributed projects

Show advisories for only Drupal core, only PSAs, or all security advisories

Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by community members.

Spotlight - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-142

By Drupal Security Team on 1 Sep 2015 at 20:16 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-142
Project: Spotlight (third-party module)
Version: 7.x
Date: 2015-September-01
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141

By Drupal Security Team on 19 Aug 2015 at 20:28 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-141
Project: Chaos tool suite (ctools) (third-party module)
Version: 6.x, 7.x
Date: 2015-August-19
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Access bypass, Multiple vulnerabilities

Search API Autocomplete - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-140

By Drupal Security Team on 19 Aug 2015 at 15:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-140
Project: Search API Autocomplete (third-party module)
Version: 7.x
Date: 2015-August-19
Security risk: 6/25 ( Less Critical) AC:Complex/A:User/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Workbench Email - Moderately Critical - Access bypass - DRUPAL-SA-CONTRIB-2015-139

By Drupal Security Team on 19 Aug 2015 at 14:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-139
Project: Workbench Email (third-party module)
Version: 7.x
Date: 2015-August-19
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

Compass Rose - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-138

By Drupal Security Team on 5 Aug 2015 at 15:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-138
Project: Compass Rose (third-party module)
Version: 6.x
Date: 2015-August-05
Security risk: 17/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Quick Edit - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-137

By Drupal Security Team on 5 Aug 2015 at 15:38 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-137
Project: Quick Edit (third-party module)
Version: 7.x
Date: 2015-August-05
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Multiple vulnerabilities

Commerce Commonwealth (CBA) - Moderately Critical - Insufficient Verification of API Data - SA-CONTRIB-2015-136

By Drupal Security Team on 29 Jul 2015 at 21:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-136
Project: Commerce Commonwealth (CBA) (third-party module)
Version: 7.x
Date: 2015-August-05
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:None/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Multiple vulnerabilities

Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135

By Drupal Security Team on 22 Jul 2015 at 15:54 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-135
Project: Time Tracker (third-party module)
Version: 7.x
Date: 2015-July-22
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Multiple vulnerabilities

OSF for Drupal - Critical - Multiple vulnerabilities - SA-CONTRIB-2015-134

By Drupal Security Team on 22 Jul 2015 at 15:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-134
Project: OSF for Drupal (third-party module)
Version: 7.x
Date: 2015-July-22
Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request Forgery

Path Breadcrumbs - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-133

By Drupal Security Team on 15 Jul 2015 at 16:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-133
Project: Path Breadcrumbs (third-party module)
Version: 7.x
Date: 2015-July-15
Security risk: 7/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS

Security advisories for contributed projects

Spotlight - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-142

Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141

Search API Autocomplete - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-140

Workbench Email - Moderately Critical - Access bypass - DRUPAL-SA-CONTRIB-2015-139

Compass Rose - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-138

Quick Edit - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-137

Commerce Commonwealth (CBA) - Moderately Critical - Insufficient Verification of API Data - SA-CONTRIB-2015-136

Time Tracker - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-135

OSF for Drupal - Critical - Multiple vulnerabilities - SA-CONTRIB-2015-134

Path Breadcrumbs - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-133

Pages

Contacting the Security team

Writing secure code

Drupal Steward

News items

Our community

Documentation

Drupal code base

Governance of community