Drupal — система управления контентом с открытым исходным кодом. На Drupal работает более миллиона сайтов — от личных блогов до сайтов компаний, политических партий и государственных организаций.
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 988
GHSA-m6vv-vcj8-w8m7
Drupal core allows Object Injection
GHSA-mhpg-hpj5-73r2
Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels
GHSA-83v7-c2cf-p9c2
Drupal core allows Forceful Browsing
GHSA-h89p-5896-f4q8
Drupal core allows Content Spoofing
CVE-2025-13083
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
CVE-2025-13082
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
CVE-2025-13081
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
CVE-2025-13080
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
GHSA-39g6-x4x8-5jcm
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages
GHSA-wpp8-fjgf-pwc7
Drupal Core Vulnerable to Forceful Browsing
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-m6vv-vcj8-w8m7 Drupal core allows Object Injection | CVSS3: 5.9 | 0% Низкий | около 1 месяца назад |
| GHSA-mhpg-hpj5-73r2 Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels | CVSS3: 3.7 | 0% Низкий | около 1 месяца назад |
| GHSA-83v7-c2cf-p9c2 Drupal core allows Forceful Browsing | 0% Низкий | около 1 месяца назад | |
| GHSA-h89p-5896-f4q8 Drupal core allows Content Spoofing | 0% Низкий | около 1 месяца назад | |
 | CVE-2025-13083 Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | CVSS3: 3.7 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13082 User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | CVSS3: 4.3 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13081 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | CVSS3: 5.9 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13080 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | CVSS3: 5.3 | 0% Низкий | около 1 месяца назад |
| GHSA-39g6-x4x8-5jcm Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages | CVSS3: 6.1 | 0% Низкий | 9 месяцев назад |
| GHSA-wpp8-fjgf-pwc7 Drupal Core Vulnerable to Forceful Browsing | CVSS3: 4.6 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу