These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CORE-2009-009 - Drupal Core - Cross site scripting

  • Advisory ID: DRUPAL-SA-CORE-2009-009
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-December-16
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2009-008
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-September-16
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2009-007
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-July-1
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CORE-2009-006 - Drupal core - Cross site scripting

  • Advisory ID: DRUPAL-SA-CORE-2009-006
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-May-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-CORE-2009-005 - Drupal core - Cross site scripting

  • Advisory ID: DRUPAL-SA-CORE-2009-005
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-April-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

New pages and RSS feeds for security announcements

Separate Security Announcements by Type

To make the impact of different security advisories and announcements easier to see, they are now separated by type.

Drupal core security advisories: http://drupal.org/security
RSS feed for Drupal core: http://drupal.org/security/rss.xml

Contributed project security advisories: http://drupal.org/security/contrib
RSS feed for contributed projects: http://drupal.org/security/contrib/rss.xml

Public service announcements: http://drupal.org/security/psa
RSS feed for announcements: http://drupal.org/security/psa/rss.xml

We encourage those using RSS readers to track security-related developments to subscribe to all three of these feeds.

All posts to each of these three forums will still be sent to the one security announcements e-mail list. To subscribe to that e-mail list, once logged in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

All future public service announcements will only be posted to the Public service announcements page and feed.

SA-CORE-2009-004 - Local file inclusion on Windows

  • Advisory ID: DRUPAL-SA-CORE-2009-004
  • Project: Drupal core
  • Versions: 5.x
  • Date: 2009-February-25
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Local file inclusion on Windows
  • Reference: SA-CORE-2009-003 (6.x)

SA-CORE-2009-003 - Local file inclusion on Windows

  • Advisory ID: DRUPAL-SA-CORE-2009-003
  • Project: Drupal core
  • Versions: 6.x
  • Date: 2009-February-25
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Local file inclusion on Windows

SA-CORE-2009-001 Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2009-001
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2009-January-14
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-2008-073 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-2008-073
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2008-December-10
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

Pages

Subscribe with RSS Subscribe to Security advisories