Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Metatag -Moderately Critical - Information disclosure - SA-CONTRIB-2017-019

By Drupal Security Team on 15 Feb 2017 at 17:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-019
Project: Metatag (third-party module)
Version: 7.x
Date: 2017-February-15
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Proof/TD:Uncommon
Vulnerability: Information Disclosure

RESTful - Moderately Critical - Access Bypass - SA-CONTRIB-2017-018

By Drupal Security Team on 15 Feb 2017 at 16:55 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-018
Project: RESTful (third-party module)
Version: 7.x
Date: 2017-February-15
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

Flag clear - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2017-017

By Drupal Security Team on 15 Feb 2017 at 16:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-017
Project: Flag clear (third-party module)
Version: 7.x
Date: 2017-February-15
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:Admin/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

Search API Sorts - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-016

By Drupal Security Team on 15 Feb 2017 at 16:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-016
Project: Search API sorts (third-party module)
Version: 7.x
Date: 2017-February-15
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Hotjar - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-015

By Drupal Security Team on 15 Feb 2017 at 16:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-015
Project: Hotjar (third-party module)
Version: 7.x, 8.x
Date: 2017-February-15
Security risk: 12/25 ( Moderately Critical) AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

OSF for Drupal - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-014

By Drupal Security Team on 8 Feb 2017 at 19:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-014
Project: OSF for Drupal (third-party module)
Version: 7.x
Date: 2017-February-08
Security risk: 5/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting

Acquia Content Hub - Moderately Critical - Access Bypass - SA-CONTRIB-2017-013

By Drupal Security Team on 8 Feb 2017 at 18:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-013
Project: Acquia Content Hub (third-party module)
Version: 8.x
Date: 2017-February-08
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass

Wetkit Omega - Moderately Critical - Access Bypass - SA-CONTRIB-2017-012

By Drupal Security Team on 8 Feb 2017 at 17:00 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-012
Project: Web Experience Toolkit: Omega (third-party module)
Version: 7.x
Date: 2017-February-08
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Proof/TD:Uncommon
Vulnerability: Access bypass

Facebook Pull - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-011

By Drupal Security Team on 8 Feb 2017 at 16:45 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-011
Project: Facebook Pull (third-party module)
Version: 7.x
Date: 2017-February-08
Security risk: 15/25 ( Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Storage API stream wrappers - Moderately Critical - Access bypass - SA-CONTRIB-2017-010

By Drupal Security Team on 8 Feb 2017 at 16:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-010
Project: Storage API stream wrappers (third-party module)
Version: 7.x
Date: 2017-February-08
Security risk: 13/25 ( Moderately Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

Pages

Subscribe with RSS

Metatag -Moderately Critical - Information disclosure - SA-CONTRIB-2017-019

RESTful - Moderately Critical - Access Bypass - SA-CONTRIB-2017-018

Flag clear - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2017-017

Search API Sorts - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-016

Hotjar - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-015

OSF for Drupal - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-014

Acquia Content Hub - Moderately Critical - Access Bypass - SA-CONTRIB-2017-013

Wetkit Omega - Moderately Critical - Access Bypass - SA-CONTRIB-2017-012

Facebook Pull - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-011

Storage API stream wrappers - Moderately Critical - Access bypass - SA-CONTRIB-2017-010

Pages

News items

Our community

Documentation

Drupal code base

Governance of community