Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Better Exposed Filters - Less Critical - Cross Site Sscripting (XSS) - SA-CONTRIB-2017-009

By Drupal Security Team on 1 Feb 2017 at 15:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-009
Project: Better Exposed Filters (third-party module)
Version: 7.x
Date: 2017-February-01
Security risk: 7/25 ( Less Critical) AC:Complex/A:Admin/CI:None/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting

SalesCloud - Critical - Unsupported - SA-CONTRIB-2017-008

By Drupal Security Team on 25 Jan 2017 at 18:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-008
Project: Salescloud (third-party module)
Version: 7.x
Date: 2017-Jan-25
Security risk: 19/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All

Microblog - Critical - Unsupported - SA-CONTRIB-2017-007

By Drupal Security Team on 25 Jan 2017 at 18:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-007
Project: microblog (third-party module)
Version: 7.x
Date: 2017-Jan-25
Security risk: 19/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Proof/TD:All

OAuth - Less Critical - Access Bypass - SA-CONTRIB-2017-006

By Drupal Security Team on 25 Jan 2017 at 18:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-006
Project: OAuth (third-party module)
Version: 7.x
Date: 2017-January-25
Security risk: 8/25 ( Less Critical) AC:Complex/A:Admin/CI:None/II:Some/E:Theoretical/TD:Default
Vulnerability: Access bypass

Mailjet - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2017-005

By Drupal Security Team on 11 Jan 2017 at 16:25 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-005
Project: (third-party module)
Version: 7.x
Date: 2017-January-11
Security risk: 23/25 ( Highly Critical) AC:None/A:User/CI:All/II:All/E:Exploit/TD:All
Vulnerability: Arbitrary PHP code execution

OpenLucius - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-004

By Drupal Security Team on 11 Jan 2017 at 16:23 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-004
Project: OpenLucius (third-party distribution)
Version: 7.x
Date: 2017-January-11
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

Autocomplete Deluxe - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-003

By Drupal Security Team on 11 Jan 2017 at 15:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-003
Project: Autocomplete Deluxe (third-party module)
Version: 7.x
Date: 2017-January-11
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Doubleclick for Publishers (DFP) - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-002

By Drupal Security Team on 4 Jan 2017 at 19:25 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-002
Project: Doubleclick for Publishers (DFP) (third-party module)
Version: 7.x
Date: 2017-January-04
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:User/CI:None/II:None/E:Exploit/TD:All
Vulnerability: Cross Site Scripting

Permissions by Term -- Critical - Multiple vulnerabilities - SA-CONTRIB-2017-001

By Drupal Security Team on 4 Jan 2017 at 18:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2017-001
Project: Permissions by Term (third-party module)
Version: 8.x
Date: 2017-January-04
Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass, Information Disclosure

PHPmailer 3rd party library - PSA-2016-004

Date:

2016-December-26

Advisory ID: DRUPAL-SA-PSA-2016-004
Project: PHPMailer (third-party library)
Version: 7.x, 8.x
Date: 2016-December-26
Security risk: 23/25 ( Highly Critical) AC:None/A:User/CI:All/II:All/E:Exploit/TD:All
Vulnerability: Arbitrary PHP code execution

Pages

Subscribe with RSS

Better Exposed Filters - Less Critical - Cross Site Sscripting (XSS) - SA-CONTRIB-2017-009

SalesCloud - Critical - Unsupported - SA-CONTRIB-2017-008

Microblog - Critical - Unsupported - SA-CONTRIB-2017-007

OAuth - Less Critical - Access Bypass - SA-CONTRIB-2017-006

Mailjet - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2017-005

OpenLucius - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-004

Autocomplete Deluxe - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-003

Doubleclick for Publishers (DFP) - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-002

Permissions by Term -- Critical - Multiple vulnerabilities - SA-CONTRIB-2017-001

PHPmailer 3rd party library - PSA-2016-004

Pages

News items

Our community

Documentation

Drupal code base

Governance of community