Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 978
GHSA-39g6-x4x8-5jcm
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
GHSA-m4wj-hhwj-47qp
Drupal Core Cross-Site Scripting (XSS) Vulnerability
GHSA-2qph-q8xw-gv7q
Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
GHSA-wpp8-fjgf-pwc7
Drupal Core Vulnerable to Forceful Browsing
CVE-2025-3057
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
CVE-2025-31675
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.
CVE-2025-31674
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
CVE-2025-31673
Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
RLSA-2025:1309
Moderate: gcc-toolset-13-gcc security update
RLSA-2025:1210
Moderate: tbb security update
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-39g6-x4x8-5jcm Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages | CVSS3: 6.1 | 0% Низкий | 7 месяцев назад |
| GHSA-m4wj-hhwj-47qp Drupal Core Cross-Site Scripting (XSS) Vulnerability | CVSS3: 5.4 | 0% Низкий | 7 месяцев назад |
| GHSA-2qph-q8xw-gv7q Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability | 0% Низкий | 7 месяцев назад | |
| GHSA-wpp8-fjgf-pwc7 Drupal Core Vulnerable to Forceful Browsing | CVSS3: 4.6 | 0% Низкий | 7 месяцев назад |
 | CVE-2025-3057 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | CVSS3: 6.1 | 0% Низкий | 7 месяцев назад |
| CVE-2025-31675 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. | CVSS3: 5.4 | 0% Низкий | 7 месяцев назад |
| CVE-2025-31674 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | CVSS3: 7.5 | 0% Низкий | 7 месяцев назад |
| CVE-2025-31673 Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | CVSS3: 4.6 | 0% Низкий | 7 месяцев назад |
 | RLSA-2025:1309 Moderate: gcc-toolset-13-gcc security update | 28% Средний | 8 месяцев назад | |
| RLSA-2025:1210 Moderate: tbb security update | 28% Средний | 8 месяцев назад |
Уязвимостей на страницу