Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2021-020

Date: 2021-June-30

The Apigee Edge module allows connecting a Drupal site to Apigee Edge in order to build a developer portal.

The module did not properly validate user access for data creation in certain circumstances.

Drupal 8 end-of-life on November 2, 2021 - PSA-2021-06-29

Date: 2021-June-29

Drupal 8 will reach its end-of-life on November 2, 2021, before the release of Drupal 9.3.0, due to Symfony 3's end-of-life. If you are using Drupal 8, you must upgrade to Drupal 9.2 before November to keep your site secure. (Drupal 9.1 security coverage ends shortly after the Drupal 8 end-of-life, so updating to 9.2 directly is best.)

There is no vendor extended support program for Drupal 8.

Opigno group manager - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-019

Date: 2021-June-23

This project is related to the Opigno LMS distribution. It implements the group manager in Opigno LMS.

The module does not set the X-Frame-Options header and blocks the ability of other modules (e.g. Security Kit) to add it, leaving it vulnerable to clickjacking.

Opigno Learning path - Less critical - UI redressing (clickjacking) - SA-CONTRIB-2021-018

Date: 2021-June-23

This project is related to the Opigno LMS distribution. It implements the learning path, which combines the different steps of a training in Opigno LMS in a very flexible way.

The module does not set the X-Frame-Options header and blocks the ability of other modules (e.g. Security Kit) to add it, leaving it vulnerable to clickjacking.

Block Content Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-017

Date: 2021-June-16

This module provides a revision UI to Block Content entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Block Content Revision UI, and another affected module must be enabled.

Linky Revision UI - Moderately critical - Access bypass - SA-CONTRIB-2021-016

Date: 2021-June-16

This module provides a revision UI to Linky entities.

The module doesn't sufficiently respect access restrictions to certain entities when used in conjunction with specific modules.

This vulnerability is mitigated by the fact that an attacker must have a role with any of the permissions provided by Linky Revision UI, and another affected module must be enabled.

Chaos Tool Suite (ctools) - Moderately critical - Access bypass - SA-CONTRIB-2021-015

Date: 2021-June-16

The Chaos Tool Suite (ctools) module provides a number of APIs and extensions for Drupal. Its 8.x-3.x branch is a start from scratch to evaluate the features of ctools that didn't make it into Drupal core 8.0.x and port them.

The module doesn't sufficiently handle block access control on its EntityView plugin. This is a follow-up to more fully implement the fixes from SA-CONTRIB-2021-009.

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2021-014

Date: 2021-June-02

This module allows users to authenticate against an OAuth 2.0 / OpenID Connect identity provider to log in to your Drupal site.

The module doesn't sufficiently protect against unauthorized local access through the 'password reset' facility for users who are supposed to be able to log in only through the identity provider. This creates a scenario where, after such a user is blocked from logging in through the identity provider but not explicitly blocked in Drupal, they are still able to log in by sending themselves a Drupal 'password reset' e-mail.

GraphQL - Moderately critical - Information Disclosure - SA-CONTRIB-2021-013

Date: 2021-June-02

This module lets you craft and expose a GraphQL web service API.

The module does not sufficiently protect arbitrary exception and error messages, thereby exposing an information disclosure vulnerability.

This vulnerability is mitigated by the fact that a GraphQL server must be enabled and a data producer be configured that throws exceptions with confidential error messages that must not be exposed over the GraphQL API.

Frequently Asked Questions - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-012

Date: 2021-June-02

The Frequently Asked Questions (faq) module allows users, with appropriate permissions, to create question and answer pairs which they want displayed on the 'faq' page. The 'faq' page is automatically generated from the FAQ nodes configured. Basic Views layouts are also provided and can be customised via the Views UI (rather than via the module settings page).

The module doesn't sufficiently sanitize editor input leading to a Cross Site Scripting (XSS) vulnerability.
