Contacting the Security team
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
Security advisories for contributed projects
Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.
SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution
Drupal Security Team - February 3, 2010 - 20:03
- Advisory ID: DRUPAL-SA-CONTRIB-2010-015
- Project: Signwriter (third-party module)
- Version: 5.x, 6.x
- Date: 2010-February-3
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
SA-CONTRIB-2010-014 - Node Export - Arbitrary code execution
Drupal Security Team - February 3, 2010 - 19:01
- Advisory ID: DRUPAL-SA-CONTRIB-2010-014
- Project: Node Export (third-party module)
- Version: 5.x, 6.x
- Date: 2010-February-3
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting
Drupal Security Team - February 3, 2010 - 16:19
- Advisory ID: DRUPAL-SA-CONTRIB-2010-013
- Project: Menu Breadcrumb (third-party module)
- Version: 6.x
- Date: 2010-February-03
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2010-012 - ODF Import - Access Bypass (possible Cross Site Scripting)
greggles - February 3, 2010 - 15:44
- Advisory ID: DRUPAL-SA-CONTRIB-2010-012
- Project: ODF Import (third-party module)
- Version: 6.x-1.0
- Date: 2010-February-3
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2010-011 - Feedback - Cross Site Scripting
Drupal Security Team - January 27, 2010 - 22:50
- Advisory ID: DRUPAL-SA-CONTRIB-2010-011
- Project: Feedback (third-party module)
- Version: 5.x, 6.x
- Date: 2010-January-27
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2010-010 - Author Contact - Cross site scripting
coltrane - January 27, 2010 - 20:28
- Advisory ID: DRUPAL-SA-CONTRIB-2010-010
- Project: Author Contact (third-party module)
- Version: 5.x, 6.x
- Date: 2010-January-27
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2010-009 - Block Class - Cross Site Scripting
Drupal Security Team - January 20, 2010 - 18:51
- Advisory ID: DRUPAL-SA-CONTRIB-2010-009
- Project: Block Class (third-party module)
- Version: 6.x-1.2, 5.x-1.1
- Date: 2010-January-20
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2010-008 - Recent Comments - Cross Site Scripting
Drupal Security Team - January 20, 2010 - 18:36
- Advisory ID: DRUPAL-SA-CONTRIB-2010-008
- Project: Recent Comments (third-party module)
- Version: 6.x-1.0, 5.x-1.2
- Date: 2010-January-20
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2010-007 - Control Panel - Cross Site Scripting
Drupal Security Team - January 20, 2010 - 18:12
- Advisory ID: DRUPAL-SA-CONTRIB-2010-007
- Project: Control Panel (third-party module)
- Version: 5.x, 6.x
- Date: 2010-January-20
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2010-006 - Bibliography Module - Cross Site Scripting
Drupal Security Team - January 13, 2010 - 20:46
- Advisory ID: DRUPAL-SA-CONTRIB-2010-006
- Project: Bibliography (third-party module)
- Version: 5.x, 6.x
- Date: 2010-January-13
- Security risk: Moderately Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
