Homepage

drupal7 vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the drupal7 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Unrestricted Upload of File with Dangerous Type

<7.26-1ubuntu0.1+esm2
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
Cross-site Scripting (XSS)

*
  • L
Improper Input Validation

*
  • M
Directory Traversal

*
  • M
Inclusion of Functionality from Untrusted Control Sphere

*
  • M
Improper Input Validation

*
  • M
Deserialization of Untrusted Data

*
  • M
Open Redirect

*
  • M
Incorrect Authorization

*
  • M
Link Following

*
  • H
Arbitrary Code Injection

<7.26-1ubuntu0.1+esm2
  • M
Deserialization of Untrusted Data

<7.26-1ubuntu0.1+esm2
  • H
CVE-2018-7602

<7.26-1ubuntu0.1+esm1
  • L
Files or Directories Accessible to External Parties

*
  • H
Improper Input Validation

<7.26-1ubuntu0.1+esm1
  • L
Incorrect Permission Assignment for Critical Resource

*
  • M
Cross-site Scripting (XSS)

*
  • M
Open Redirect

*
  • M
Cross-site Scripting (XSS)

*
  • M
Open Redirect

*
  • M
Open Redirect

<7.26-1ubuntu0.1+esm1
  • M
Open Redirect

<7.26-1ubuntu0.1+esm1
  • M
Open Redirect

*
  • M
Information Exposure

*
  • M
Access Restriction Bypass

*
  • M
Security Features

*
  • M
Security Features

*
  • M
CVE-2016-3164

*
  • M
Access Restriction Bypass

*
  • M
Information Exposure

*
  • M
Improper Access Control

*
  • M
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Request Forgery (CSRF)

*
  • M
SQL Injection

*
  • M
Cross-site Scripting (XSS)

*
  • L
CVE-2015-3232

*
  • M
CVE-2015-3233

*
  • L
Information Exposure

*
  • M
Improper Input Validation

*
  • M
Improper Access Control

<7.26-1ubuntu0.1+esm1
  • M
Access Restriction Bypass

*
  • M
CVE-2014-9016

*
  • M
SQL Injection

<7.26-1ubuntu0.1
  • M
Access Restriction Bypass

*
  • M
Resource Management Errors

*
  • M
Resource Management Errors

*
  • M
Improper Input Validation

*
  • M
Access Restriction Bypass

*
  • M
Cross-site Scripting (XSS)

*
  • M
Cross-site Scripting (XSS)

*
  • M
Information Exposure

*
  • L
Cross-site Request Forgery (CSRF)

*