Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-158

By Drupal Security Team on 21 Oct 2015 at 16:34 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-158
Project: jQuery Update (third-party module)
Version: 7.x
Date: 2015-October-21
Security risk: 9/25 ( Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Open Redirect

Twilio - Moderately Critical - Access bypass - SA-CONTRIB-2015-157

By Drupal Security Team on 14 Oct 2015 at 20:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-157
Project: Twilio (third-party module)
Version: 7.x
Date: 2015-October-14
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Access bypass

Colorbox - Access bypass - Less Critical - SA-CONTRIB-2015-156

By Drupal Security Team on 7 Oct 2015 at 16:16 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-156
Project: Colorbox (third-party module)
Version: 7.x
Date: 2015-October-07
Security risk: 8/25 ( Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass

Entity Registration - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-155

By Drupal Security Team on 7 Oct 2015 at 15:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-155
Project: Entity Registration (third-party module)
Version: 7.x
Date: 2015-October-07
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure

Stickynote - Cross Site Scripting (XSS) - Moderately Critical - SA-CONTRIB-2015-154

By Drupal Security Team on 7 Oct 2015 at 15:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-154
Project: stickynote (third-party module)
Version: 7.x
Date: 2015-October-07
Security risk: 14/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Taxonomy Find - Unsupported - SA-CONTRIB-2015-153

By Drupal Security Team on 30 Sep 2015 at 20:16 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-153
Project: Taxonomy Find (third-party module)
Version: 6.x, 7.x
Date: 2015-September-30
Security risk: 13/25 ( Moderately Critical) AC:None/A:Admin/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Cross Site Scripting

User Dashboard - SQL Injection - Critical - SA-CONTRIB-2015-152

By Drupal Security Team on 30 Sep 2015 at 20:13 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-152
Project: UserDashboard (third-party module)
Version: 7.x
Date: 2015-September-30
Security risk: 19/25 ( Critical) AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:All
Vulnerability: SQL Injection

Scald - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-151

By Drupal Security Team on 16 Sep 2015 at 15:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-151
Project: Scald: Media Management made easy (third-party module)
Version: 7.x
Date: 2015-September-16
Security risk: 11/25 ( Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
Vulnerability: Information Disclosure

CMS Updater - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-150

By Drupal Security Team on 16 Sep 2015 at 15:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2015-150
Project: CMS Updater (third-party module)
Version: 7.x
Date: 2015-September-16
Security risk: 12/25 ( Moderately Critical) AC:Basic/A:User/CI:None/II:Some/E:Proof/TD:All
Vulnerability: Cross Site Scripting, Access bypass

amoCRM - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-149

By Drupal Security Team on 16 Sep 2015 at 14:55 UTC

Advisory ID: SA-CONTRIB-2015-149
Project: amoCRM (third-party module)
Version: 7.x
Date: 2015-September-16
Security risk: 13/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:Some/E:Proof/TD:Default
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS

jQuery Update - Less Critical - Open Redirect - SA-CONTRIB-2015-158

Twilio - Moderately Critical - Access bypass - SA-CONTRIB-2015-157

Colorbox - Access bypass - Less Critical - SA-CONTRIB-2015-156

Entity Registration - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-155

Stickynote - Cross Site Scripting (XSS) - Moderately Critical - SA-CONTRIB-2015-154

Taxonomy Find - Unsupported - SA-CONTRIB-2015-153

User Dashboard - SQL Injection - Critical - SA-CONTRIB-2015-152

Scald - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-151

CMS Updater - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-150

amoCRM - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-149

Pages

News items

Our community

Documentation

Drupal code base

Governance of community