Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020

By Drupal Security Team on 13 Apr 2016 at 15:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-020
Project: Features (third-party module)
Version: 7.x
Date: 2016-April-13
Security risk: 7/25 ( Less Critical) AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery, Denial of Service

Drupal Commerce - Less Critical - Information disclosure - SA-CONTRIB-2016-019

By Drupal Security Team on 6 Apr 2016 at 16:16 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-019
Project: Drupal Commerce (third-party module)
Version: 7.x
Date: 2016-April-06
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Information Disclosure

HybridAuth - Less critical - Multiple vulnerabilities - SA-CONTRIB-2016-018

By Drupal Security Team on 6 Apr 2016 at 15:13 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-018
Project: HybridAuth Social Login (third-party module)
Version: 7.x
Date: 2016-April-06
Security risk: 9/25 ( Less Critical) AC:Complex/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information Disclosure, Open Redirect

Login one time - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-017

By Drupal Security Team on 23 Mar 2016 at 14:45 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-017
Project: Login one time (third-party module)
Version: 6.x, 7.x
Date: 2016-March-23
Security risk: 15/25 ( Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Fast Autocomplete - Critical - DOS vulnerability - SA-CONTRIB-2016-016

By Drupal Security Team on 16 Mar 2016 at 15:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-016
Project: Fast Autocomplete (third-party module)
Version: 7.x
Date: 2016-March-16
Security risk: 12/25 ( Moderately Critical) AC:None/A:None/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Denial of Service

Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015

By Drupal Security Team on 9 Mar 2016 at 20:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-015
Project: Scald File Provider (third-party module)
Version: 7.x
Date: 2016-March-09
Security risk: 18/25 ( Critical) AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Arbitrary PHP code execution

Fieldable Panels Panes - Moderately Critical - Access Bypass - SA-CONTRIB-2016-014

By Drupal Security Team on 2 Mar 2016 at 15:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-014
Project: Fieldable Panels Panes (FPP) (third-party module)
Version: 7.x
Date: 2016-March-02
Security risk: 10/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass

Node Notify - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-013

By Drupal Security Team on 2 Mar 2016 at 14:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-013
Project: Node Notify (third-party module)
Version: 7.x
Date: 2016-March-02
Security risk: 18/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

Hubspot CTA - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-012 - Unsupported

By Drupal Security Team on 2 Mar 2016 at 14:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-012
Project: Hubspot CTA (third-party module)
Version: 7.x
Date: 2016-March-02
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Google Analytics Counter - Moderately Critical - CSRF - SA-CONTRIB-2016-011

By Drupal Security Team on 2 Mar 2016 at 14:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-011
Project: Google Analytics Counter (third-party module)
Version: 7.x
Date: 2016-March-02
Security risk: 12/25 ( Moderately Critical) AC:None/A:Admin/CI:None/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery

Pages

Subscribe with RSS

Features - Less Critical - Denial of Service (DoS) - SA-CONTRIB-2016-020

Drupal Commerce - Less Critical - Information disclosure - SA-CONTRIB-2016-019

HybridAuth - Less critical - Multiple vulnerabilities - SA-CONTRIB-2016-018

Login one time - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-017

Fast Autocomplete - Critical - DOS vulnerability - SA-CONTRIB-2016-016

Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015

Fieldable Panels Panes - Moderately Critical - Access Bypass - SA-CONTRIB-2016-014

Node Notify - Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-013

Hubspot CTA - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-012 - Unsupported

Google Analytics Counter - Moderately Critical - CSRF - SA-CONTRIB-2016-011

Pages

News items

Our community

Documentation

Drupal code base

Governance of community