Information on source package drupal7

Available versions

Release             Version
jessie              7.32-1+deb8u12
jessie (security)   7.32-1+deb8u13
stretch (security)  7.52-2+deb9u5

Open unimportant issues

Bug            jessie      stretch     Description
CVE-2007-6752  vulnerable  vulnerable  ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in ...

Resolved issues

Bug                  Description
TEMP-0911337-06D812  Injection in DefaultMailSystem::mail()
TEMP-0911336-06ADE0  External URL injection through URL aliases
CVE-2018-7602        A remote code execution vulnerability exists within multiple ...
CVE-2018-7600        Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x ...
CVE-2017-6932        Drupal core 7.x versions before 7.57 has an external link injection ...
CVE-2017-6929        A jQuery cross site scripting vulnerability is present when making ...
CVE-2017-6928        Drupal core 7.x versions before 7.57 when using Drupal's private file ...
CVE-2017-6927        Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 ...
CVE-2017-6922        Files uploaded by anonymous users into a private file system can be accessed by other anonymous users
CVE-2016-9452        The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote ...
CVE-2016-9451        Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...
CVE-2016-9450        The user password reset form in Drupal 8.x before 8.2.3 allows remote ...
CVE-2016-9449        The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 ...
CVE-2016-7572        The system.temporary route in Drupal 8.x before 8.1.10 does not ...
CVE-2016-7571        Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 ...
CVE-2016-7570        Drupal 8.x before 8.1.10 does not properly check for "Administer ...
CVE-2016-6211        The User module in Drupal 7.x before 7.44 allows remote authenticated ...
CVE-2016-3171        Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ...
CVE-2016-3170        The "have you forgotten your password" links in the User module in ...
CVE-2016-3169        The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows ...
CVE-2016-3168        The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might ...
CVE-2016-3167        Open redirect vulnerability in the drupal_goto function in Drupal 6.x ...
CVE-2016-3166        CRLF injection vulnerability in the drupal_set_header function in ...
CVE-2016-3165        The Form API in Drupal 6.x before 6.38 ignores access restrictions on ...
CVE-2016-3164        Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might ...
CVE-2016-3163        The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might ...
CVE-2016-3162        The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows ...
CVE-2015-7943        Open redirect vulnerability in the Overlay module in Drupal 7.x before ...
CVE-2015-6665        Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ...
CVE-2015-6661        Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to ...
CVE-2015-6660        The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not ...
CVE-2015-6659        SQL injection vulnerability in the SQL comment filtering system in the ...
CVE-2015-6658        Cross-site scripting (XSS) vulnerability in the Autocomplete system in ...
CVE-2015-3234        The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows ...
CVE-2015-3233        Open redirect vulnerability in the Overlay module in Drupal 7.x before ...
CVE-2015-3232        Open redirect vulnerability in the Field UI module in Drupal 7.x ...
CVE-2015-3231        The Render cache system in Drupal 7.x before 7.38, when used to cache ...
CVE-2015-2750        Open redirect vulnerability in URL-related API functions in Drupal 6.x ...
CVE-2015-2749        Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before ...
CVE-2015-2559        Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated ...
CVE-2014-9016        The password hashing API in Drupal 7.x before 7.34 and the Secure ...
CVE-2014-9015        Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to ...
CVE-2014-5267        modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 ...
CVE-2014-5266        The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...
CVE-2014-5265        The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...
CVE-2014-5022        Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal ...
CVE-2014-5021        Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ...
CVE-2014-5020        The File module in Drupal 7.x before 7.29 does not properly check ...
CVE-2014-5019        The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 ...
CVE-2014-3704        The expandArguments function in the database abstraction API in Drupal ...
CVE-2014-2983        Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate ...
CVE-2014-1476        The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an ...
CVE-2014-1475        The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ...
CVE-2013-6389        Open redirect vulnerability in the Overlay module in Drupal 7.x before ...
CVE-2013-6388        Cross-site scripting (XSS) vulnerability in the Color module in Drupal ...
CVE-2013-6387        Cross-site scripting (XSS) vulnerability in the Image module in Drupal ...
CVE-2013-6386        Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand ...
CVE-2013-6385        The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used ...
CVE-2013-1887        Multiple cross-site scripting (XSS) vulnerabilities in the Views ...
CVE-2013-0316        The Image module in Drupal 7.x before 7.20 allows remote attackers to ...
CVE-2013-0246        The Image module in Drupal 7.x before 7.19, when a private file system ...
CVE-2013-0245        The printer friendly version functionality in the Book module in ...
CVE-2013-0244        Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ...
CVE-2012-5653        The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 ...
CVE-2012-5651        Drupal 6.x before 6.27 and 7.x before 7.18 displays information for ...
CVE-2012-4554        The OpenID module in Drupal 7.x before 7.16 allows remote OpenID ...
CVE-2012-4553        Drupal 7.x before 7.16 allows remote attackers to obtain sensitive ...
CVE-2012-2922        The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...
CVE-2012-2153        Drupal 7.x before 7.14 does not properly restrict access to nodes in a ...
CVE-2012-1591        The image module in Drupal 7.x before 7.14 does not properly check ...
CVE-2012-1590        The forum list in Drupal 7.x before 7.14 does not properly check user ...
CVE-2012-1589        Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 ...
CVE-2012-1588        Algorithmic complexity vulnerability in the _filter_url function in ...
CVE-2012-0827        The File module in Drupal 7.x before 7.11, when using unspecified ...
CVE-2012-0826        Cross-site request forgery (CSRF) vulnerability in the Aggregator ...
CVE-2012-0825        Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that ...
CVE-2011-2726        SA-CORE-2011-003
CVE-2011-2687        Drupal 7.x before 7.3 allows remote attackers to bypass intended ...

Security announcements

DSA / DLA   Description
DLA-1550-1  drupal7 - security update
DSA-4323-1  drupal7 - security update
DLA-1365-1  drupal7 - security update
DSA-4180-1  drupal7 - security update
DSA-4180-1  drupal7 - security update
DSA-4156-1  drupal7 - security update
DSA-4156-1  drupal7 - security update
DLA-1325-1  drupal7 - security update
DLA-1295-1  drupal7 - security update
DSA-4123-1  drupal7 - security update
DSA-4123-1  drupal7 - security update
DLA-1004-1  drupal7 - security update
DSA-3897-1  drupal7 - security update
DSA-3897-1  drupal7 - security update
DLA-715-1   drupal7 - security update
DSA-3718-1  drupal7 - security update
DLA-550-1   drupal7 - security update
DLA-548-1   drupal7 - security update
DSA-3604-1  drupal7 - security update
DSA-3498-1  drupal7 - security update
DSA-3498-1  drupal7 - security update
DSA-3346-1  drupal7 - security update
DSA-3346-1  drupal7 - security update
DSA-3291-1  drupal7 - security update
DSA-3291-1  drupal7 - security update
DSA-3200-1  drupal7 - security update
DSA-3075-1  drupal7 - security update
DSA-3051-1  drupal7 - security update
DSA-2999-1  drupal7 - security update
DSA-2983-1  drupal7 - security update
DSA-2913-1  drupal7 - security update
DSA-2847-1  drupal7 - several
DSA-2804-1  drupal7 - several
