Skip to main content Skip to search

Security advisories

These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CORE-2012-001 - Drupal core multiple vulnerabilities

Posted by Drupal Security Team on February 1, 2012 at 10:06pm

Advisory ID: DRUPAL-SA-CORE-2012-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2012-February-01
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Cross Site Request Forgery, Multiple vulnerabilities

SA-CORE-2011-003 - Drupal core - Access bypass

Posted by Drupal Security Team on July 27, 2011 at 7:32pm

Advisory ID: DRUPAL-SA-CORE-2011-003
Project: Drupal core
Version: 7.x
Date: 2011-July-27
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CORE-2011-002 - Drupal core - Access bypass

Posted by Drupal Security Team on June 30, 2011 at 12:13am

Advisory ID: DRUPAL-SA-CORE-2011-002
Project: Drupal core
Version: 7.x
Date: 2011-JUNE-29
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on May 25, 2011 at 6:07pm

Advisory ID: DRUPAL-SA-CORE-2011-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2011-May-25
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass, Cross Site Scripting

SA-CORE-2010-002 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on August 11, 2010 at 7:53pm

Advisory ID: DRUPAL-SA-CORE-2010-002
Project: Drupal core
Version: 5.x, 6.x
Date: 2010-August-11
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on March 3, 2010 at 7:31pm

Advisory ID: DRUPAL-SA-CORE-2010-001
Project: Drupal core
Version: 5.x, 6.x
Date: 2010-March-03
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2009-009 - Drupal Core - Cross site scripting

Posted by Drupal Security Team on December 16, 2009 at 9:17pm

Advisory ID: DRUPAL-SA-CORE-2009-009
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-December-16
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on September 16, 2009 at 7:39pm

Advisory ID: DRUPAL-SA-CORE-2009-008
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-September-16
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

Posted by Drupal Security Team on July 1, 2009 at 8:56pm

Advisory ID: DRUPAL-SA-CORE-2009-007
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-July-1
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2009-006 - Drupal core - Cross site scripting

Posted by Drupal Security Team on May 13, 2009 at 7:47pm

Advisory ID: DRUPAL-SA-CORE-2009-006
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-May-13
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

Subscribe with RSS

Security announcements

All security announcements are posted to an email list as well. Once logged in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

You can also get rss feeds for core, contrib, or public service announcements or follow @drupalsecurity on twitter.

Contacting the Security Team

In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.

Writing Secure Code

If you are a Drupal developer, please read the handbook section on Writing secure code.

There are many useful books about Drupal. Here are two that discuss security:

Advertising helps build a successful ecosystem around Drupal.