CVE assignment
Last updated on
12 June 2025
The Drupal project is a CVE Numbering Authority (CNA). A Common Vulnerabilities and Exposures Identifier (CVE ID, or CVE) will be assigned for Drupal core and contributed projects that generally qualify for a Security Advisory and have over 10,000 reported installs.
CVE IDs may also be issued in other cases that match the CNA scope on a reasonable effort basis. Writing CVEs is coordinated in the issue queue of the securitydrupalorg project. People interested in seeing CVEs issued in a timely manner for all advisories should help writing and reviewing the CVE details.
Help improve this page
Page status: No known problems
You can:
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
