Drupal/core-recommended
This hub aggregates every CVE we track for Drupal/core-recommended, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
3
Critical
1
High
0
In CISA KEV
Severity distribution
CRITICAL3MEDIUM2HIGH1
Monthly trend
0
1
0
0
0
5
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Drupal/core-recommended.
- CVE-2024-55638Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-0089.8
- CVE-2024-55637Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-0079.8
- CVE-2024-55636Drupal core - Less critical - Gadget chain - SA-CORE-2024-0069.8
- CVE-2024-55634Drupal core - Moderately critical - Access bypass - SA-CORE-2024-0048.1
- CVE-2024-12393Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-0035.4
- CVE-2024-45440core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.5.3
Product normalization is registry-driven with AI assist and human review. How it works