Skip to main content Skip to search

Security advisories

These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CORE-2012-002 - Drupal core multiple vulnerabilities

Posted by Drupal Security Team on May 2, 2012 at 3:17pm

Advisory ID: DRUPAL-SA-CORE-2012-002
Project: Drupal core
Version: 7.x
Date: 2012-May-2
Security risk: Critical
Exploitable from: Remote
Vulnerability: Denial of Service, Access bypass, Unvalidated form redirect

SA-CORE-2012-001 - Drupal core multiple vulnerabilities

Posted by Drupal Security Team on February 1, 2012 at 10:06pm

Advisory ID: DRUPAL-SA-CORE-2012-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2012-February-01
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Cross Site Request Forgery, Multiple vulnerabilities

SA-CORE-2011-003 - Drupal core - Access bypass

Posted by Drupal Security Team on July 27, 2011 at 7:32pm

Advisory ID: DRUPAL-SA-CORE-2011-003
Project: Drupal core
Version: 7.x
Date: 2011-July-27
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CORE-2011-002 - Drupal core - Access bypass

Posted by Drupal Security Team on June 30, 2011 at 12:13am

Advisory ID: DRUPAL-SA-CORE-2011-002
Project: Drupal core
Version: 7.x
Date: 2011-JUNE-29
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on May 25, 2011 at 6:07pm

Advisory ID: DRUPAL-SA-CORE-2011-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2011-May-25
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass, Cross Site Scripting

SA-CORE-2010-002 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on August 11, 2010 at 7:53pm

Advisory ID: DRUPAL-SA-CORE-2010-002
Project: Drupal core
Version: 5.x, 6.x
Date: 2010-August-11
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on March 3, 2010 at 7:31pm

Advisory ID: DRUPAL-SA-CORE-2010-001
Project: Drupal core
Version: 5.x, 6.x
Date: 2010-March-03
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2009-009 - Drupal Core - Cross site scripting

Posted by Drupal Security Team on December 16, 2009 at 9:17pm

Advisory ID: DRUPAL-SA-CORE-2009-009
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-December-16
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on September 16, 2009 at 7:39pm

Advisory ID: DRUPAL-SA-CORE-2009-008
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-September-16
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on July 1, 2009 at 8:56pm

Advisory ID: DRUPAL-SA-CORE-2009-007
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-July-1
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

Subscribe with RSS

Security announcements

In addition to the news page and sub-tabs, all security announcements are posted to an email list. To subscribe to email: log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on Twitter.

Contacting the Security team

In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.

Writing secure code

If you are a Drupal developer, please read the handbook section on Writing secure code.

There are many useful books about Drupal. Here are two that discuss security:

Advertising helps build a successful ecosystem around Drupal.