Drupal core
This hub aggregates every CVE we track for Drupal core, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
50
CVEs tracked
7
Critical
15
High
3
In CISA KEV
Severity distribution
MEDIUM27HIGH15CRITICAL7LOW1
Monthly trend
0
1
0
0
0
8
0
0
4
0
0
0
0
0
0
0
4
0
0
0
0
0
4
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Drupal core.
- CVE-2026-9082Drupal core - Highly critical - SQL injection - SA-CORE-2026-004KEV6.5
- CVE-2026-6367Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-0036.1
- CVE-2026-6366Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-0026.6
- CVE-2026-6365Drupal core - Critical - Cross-site scripting - SA-CORE-2026-0016.1
- CVE-2025-13083Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-0083.7
- CVE-2025-13082Drupal core - Moderately critical - Defacement - SA-CORE-2025-0074.3
- CVE-2025-13081Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-0065.9
- CVE-2025-13080Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-0055.3
- CVE-2025-31675Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-0045.4
- CVE-2025-31674Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-0037.5
- CVE-2025-31673Drupal core - Moderately critical - Access bypass - SA-CORE-2025-0024.6
- CVE-2025-3057Drupal core - Critical - Cross site scripting - SA-CORE-2025-0016.1
- CVE-2024-55638Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-0089.8
- CVE-2024-55637Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-0079.8
- CVE-2024-55636Drupal core - Less critical - Gadget chain - SA-CORE-2024-0069.8
Product normalization is registry-driven with AI assist and human review. How it works