Contacting the Security team
In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.
Security advisories for contributed projects
Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.
SA-CONTRIB-2009-038 - Nodequeue - Multiple vulnerabilities
Drupal Security Team - June 10, 2009 - 22:15
- Advisory ID: DRUPAL-SA-CONTRIB-2009-038
- Project: Nodequeue (third-party module)
- Version: 5.x, 6.x
- Date: 2009-June-10
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
SA-CONTRIB-2009-037 - Views - Multiple vulnerabilities
Drupal Security Team - June 10, 2009 - 21:59
- Advisory ID: DRUPAL-SA-CONTRIB-2009-037
- Project: Views
- Versions: 6.x-2.x
- Date: 2009-June-10
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting (XSS), Access Bypass
SA-CONTRIB-2009-036 - Services - Impersonation
Drupal Security Team - June 10, 2009 - 21:07
- Advisory ID: SA-CONTRIB-2009-036
- Project: Services (third-party module)
- Version: 6.x
- Date: 2009 June 10
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Impersonation
SA-CONTRIB-2009-035 - Booktree - Cross site scripting
Drupal Security Team - June 10, 2009 - 18:07
- Advisory ID: DRUPAL-SA-CONTRIB-2009-035
- Project: Booktree (third-party module)
- Version: 5.x, 6.x
- Date: 2009-June-10
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-034 - Taxonomy manager - Cross site scripting
Drupal Security Team - June 10, 2009 - 17:54
- Advisory ID: DRUPAL-SA-CONTRIB-2009-034
- Project: Taxonomy manager (third-party module)
- Version: 5.x, 6.x
- Date: 2009-June-10
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-033 - Quiz - Cross site scripting
Drupal Security Team - June 3, 2009 - 20:34
- Advisory ID: DRUPAL-SA-CONTRIB-2009-033
- Project: Quiz (third-party module)
- Version: 5.x, 6.x
- Date: 2009-June-03
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2009-032 - Webform - Cross-site scripting
Drupal Security Team - June 3, 2009 - 20:03
- Advisory ID: DRUPAL-SA-CONTRIB-2009-032
- Project: Webform (third-party module)
- Versions: 5.x, 6.x
- Date: 2009-June-03
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross-site scripting
SA-CONTRIB-2009-031 - Ajax Session - Multiple vulnerabilities
Drupal Security Team - May 27, 2009 - 17:20
- Advisory ID: DRUPAL-SA-CONTRIB-2009-031
- Project: Ajax Session (third-party module)
- Version: 5.x
- Date: 2009 May 27
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
SA-CONTRIB-2009-030 - Email Verification - Information disclosure / Cross Site Scripting
Drupal Security Team - May 20, 2009 - 20:09
- Advisory ID: DRUPAL-SA-CONTRIB-2009-030
- Project: Email Verification (third-party module)
- Version: 5.x, 6.x
- Date: 2009-May-20
- Security risk: High
- Exploitable from: Remote
- Vulnerability: Information disclosure, Cross Site Scripting
SA-CONTRIB-2009-029 - Views Bulk Operations - Access Bypass
Drupal Security Team - May 20, 2009 - 20:07
- Advisory ID: DRUPAL-SA-CONTRIB-2009-029
- Project: Views Bulk Operations (third-party module)
- Version: 5.x, 6.x
- Date: 2009-May-20
- Security risk: Medium
- Exploitable from: Remote
- Vulnerability: Access bypass
