Drupal/core
This hub aggregates every CVE we track for Drupal/core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
91
CVEs tracked
12
Critical
32
High
4
In CISA KEV
Severity distribution
MEDIUM46HIGH32CRITICAL12LOW1
Monthly trend
0
1
0
0
0
7
0
0
4
0
0
0
0
0
0
0
4
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Drupal/core.
- CVE-2025-13083Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-0083.7
- CVE-2025-13082Drupal core - Moderately critical - Defacement - SA-CORE-2025-0074.3
- CVE-2025-13081Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-0065.9
- CVE-2025-13080Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-0055.3
- CVE-2025-31675Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-0045.4
- CVE-2025-31674Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-0037.5
- CVE-2025-31673Drupal core - Moderately critical - Access bypass - SA-CORE-2025-0024.6
- CVE-2025-3057Drupal core - Critical - Cross site scripting - SA-CORE-2025-0016.1
- CVE-2024-55638Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-0089.8
- CVE-2024-55637Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-0079.8
- CVE-2024-55636Drupal core - Less critical - Gadget chain - SA-CORE-2024-0069.8
- CVE-2024-55634Drupal core - Moderately critical - Access bypass - SA-CORE-2024-0048.1
- CVE-2024-12393Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-0035.4
- CVE-2024-11942Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-0025.9
- CVE-2024-11941Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-0017.5
Product normalization is registry-driven with AI assist and human review. How it works