Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Field Group - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-001

By Drupal Security Team on 6 Jan 2016 at 17:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2016-001
Project: Field Group (third-party module)
Version: 7.x
Date: 2016-January-06
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Block Class - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-175

By Drupal Security Team on 16 Dec 2015 at 19:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-175
Project: Block Class (third-party module)
Version: 7.x
Date: 2015-December-16
Security risk: 19/25 ( Critical) AC:None/A:Admin/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Open Atrium - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-174

By Drupal Security Team on 16 Dec 2015 at 16:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-174
Project: Open Atrium (third-party module)
Version: 7.x
Date: 2015-December-16
Security risk: 17/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Select2 Field Widget - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-173

By Drupal Security Team on 16 Dec 2015 at 15:44 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-173
Project: Select2 Field Widget (third-party module)
Version: 7.x
Date: 2015-December-16
Security risk: 17/25 ( Critical) AC:None/A:None/CI:Some/II:Some/E:Theoretical/TD:Default
Vulnerability: Cross Site Scripting

Values - Critical - Arbitrary PHP code execution - SA-CONTRIB-2015-172

By Drupal Security Team on 16 Dec 2015 at 15:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-172
Project: Values (third-party module)
Version: 7.x
Date: 2015-December-16
Security risk: 16/25 ( Critical) AC:Basic/A:Admin/CI:All/II:All/E:Proof/TD:Uncommon
Vulnerability: Arbitrary PHP code execution

Drupal core - Critical - Remote installation - PSA-2015-001

Date:

2015-December-02

Advisory ID: DRUPAL-PSA-2015-001 (corrected from DRUPAL-PSA-CONTRIB-2015-001)
Project: Drupal core
Version: 6.x, 7.x, 8.x
Date: 2015-December-02
Security risk: 17/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Exploit/TD:Uncommon
Vulnerability: Multiple vulnerabilities

Token Insert Entity - Moderately Critical - Access bypass and information disclosure - SA-CONTRIB-2015-171

By Drupal Security Team on 2 Dec 2015 at 20:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-171
Project: Token Insert Entity (third-party module)
Version: 7.x
Date: 2015-December-02
Security risk: 10/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass, Information Disclosure

Apache Solr Search - Moderately Critical - Access Bypass - SA-CONTRIB-2015-170

By Drupal Security Team on 2 Dec 2015 at 19:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-170
Project: Apache Solr Search (third-party module)
Version: 6.x, 7.x
Date: 2015-December-02
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Proof/TD:Default
Vulnerability: Access bypass

Chat Room - Moderately Critical - Access Bypass - SA-CONTRIB-2015-169

By Drupal Security Team on 2 Dec 2015 at 17:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-169
Project: Chat Room (third-party module)
Version: 7.x
Date: 2015-December-02
Security risk: 11/25 ( Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass

Mollom - Critical - Access bypass - SA-CONTRIB-2015-168

By Drupal Security Team on 2 Dec 2015 at 16:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-168
Project: Mollom (third-party module)
Version: 6.x
Date: 2015-December-02
Security risk: 16/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass

Pages

Subscribe with RSS

Field Group - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-001

Block Class - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-175

Open Atrium - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-174

Select2 Field Widget - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-173

Values - Critical - Arbitrary PHP code execution - SA-CONTRIB-2015-172

Drupal core - Critical - Remote installation - PSA-2015-001

Token Insert Entity - Moderately Critical - Access bypass and information disclosure - SA-CONTRIB-2015-171

Apache Solr Search - Moderately Critical - Access Bypass - SA-CONTRIB-2015-170

Chat Room - Moderately Critical - Access Bypass - SA-CONTRIB-2015-169

Mollom - Critical - Access bypass - SA-CONTRIB-2015-168

Pages

News items

Our community

Documentation

Drupal code base

Governance of community