High Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10)	CVE-2007-0124 CWE-400	CWE-400	High
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)	CVE-2006-5477 CWE-20	CWE-20	High
Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5)	CWE-20	CWE-20	High
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)	CVE-2006-5475 CWE-79	CWE-79	High
Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)	CWE-79 CWE-113	CWE-79 CWE-113	High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)	CVE-2005-3974 CWE-264	CWE-264	High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)	CWE-264	CWE-264	High
Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)	CWE-384	CWE-384	High
Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)	CVE-2006-2742 CWE-89	CWE-89	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)	CVE-2007-0626 CWE-95	CWE-95	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)	CVE-2006-2743 CWE-95	CWE-95	High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)	CVE-2006-5476 CWE-352	CWE-352	High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)	CVE-2008-0272 CWE-352	CWE-352	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)	CVE-2006-2833 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2)	CVE-2006-4002 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)	CVE-2007-0136 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)	CVE-2007-5596 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)	CVE-2008-0274 CWE-79	CWE-79	High
Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)	CVE-2007-0124 CWE-400	CWE-400	High
Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)	CVE-2006-5477 CWE-20	CWE-20	High
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)	CVE-2007-5595 CWE-113	CWE-113	High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)	CVE-2006-5475 CWE-79	CWE-79	High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)	CVE-2007-4064 CWE-79	CWE-79	High
Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1)	CVE-2006-2831 CVE-2006-2832 CWE-79 CWE-95	CWE-79 CWE-95	High
Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7)	CVE-2007-5597 CWE-702	CWE-702	High
Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8)	CVE-2007-6299 CWE-89	CWE-89	High
Drupal Core 4.7.x SQL Injection (4.7.0)	CVE-2006-2742 CWE-89	CWE-89	High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)	CVE-2007-5593 CWE-95	CWE-95	High
Drupal Core 5.x Arbitrary Code Execution (5.0)	CVE-2007-0626 CWE-95	CWE-95	High
Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2)	CVE-2007-5594 CWE-352	CWE-352	High
Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5)	CVE-2008-0272 CWE-352	CWE-352	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2)	CVE-2007-5596 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5)	CVE-2008-0273 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)	CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)	CVE-2009-1844 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.20)	CVE-2009-4369 CWE-79	CWE-79	High
Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2)	CVE-2007-5595 CWE-113	CWE-113	High
Drupal Core 5.x Information Disclosure (5.0 - 5.18)	CVE-2009-2374 CWE-200	CWE-200	High
Drupal Core 5.x Local File Inclusion (5.0 - 5.11)	CVE-2008-6171 CWE-22	CWE-22	High
Drupal Core 5.x Local File Inclusion (5.0 - 5.15)	CWE-22	CWE-22	High
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)	CVE-2007-4063 CWE-352	CWE-352	High
Drupal Core 5.x Multiple Cross-Site Scripting Vulnerabilities (5.0 - 5.1)	CVE-2007-4064 CWE-79	CWE-79	High
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10)	CVE-2008-4790 CVE-2008-4791 CVE-2008-4792 CVE-2008-4793 CWE-264	CWE-264	High
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22)	CVE-2010-3092 CVE-2010-3093 CWE-264	CWE-264	High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7)	CVE-2008-3219 CVE-2008-3220 CVE-2008-3222 CWE-352 CWE-384	CWE-352 CWE-384	High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.9)	CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3744 CWE-79 CWE-352 CWE-434	CWE-79 CWE-352 CWE-434	High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12)	CVE-2008-6532 CVE-2008-6533 CWE-79 CWE-352	CWE-79 CWE-352	High
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.21)	CWE-79 CWE-264 CWE-601	CWE-79 CWE-264 CWE-601	High
Drupal Core 5.x Security Bypass (5.0 - 5.2)	CVE-2007-5597 CWE-702	CWE-702	High
Drupal Core 5.x Session Fixation (5.0 - 5.8)	CWE-384	CWE-384	High
Drupal Core 5.x Session Fixation (5.0 - 5.19)	CWE-384	CWE-384	High
Drupal Core 5.x SQL Injection (5.0 - 5.3)	CVE-2007-6299 CWE-89	CWE-89	High
Drupal Core 5.x SQL Injection (5.0 - 5.14)	CWE-89	CWE-89	High
Drupal Core 6.x Cross-Site Scripting (6.0 - 6.10)	CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79	CWE-79	High
Drupal Core 6.x Cross-Site Scripting (6.0 - 6.11)	CVE-2009-1844 CWE-79	CWE-79	High
Drupal Core 6.x Denial of Service (6.0 - 6.32)	CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 CWE-400	CWE-400	High
Drupal Core 6.x Information Disclosure (6.0 - 6.30)	CVE-2014-2983 CWE-200	CWE-200	High
Drupal Core 6.x Local File Inclusion (6.0 - 6.9)	CWE-22	CWE-22	High
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14)	CVE-2009-4369 CVE-2009-4370 CWE-79	CWE-79	High
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.20)	CWE-79	CWE-79	High
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)	CVE-2008-1131 CVE-2008-1133 CWE-79	CWE-79	High
Drupal Core 6.x Multiple Security Bypass Vulnerabilities (6.0 - 6.4)	CVE-2008-4789 CVE-2008-4791 CVE-2008-4792 CWE-264	CWE-264	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.2)	CVE-2008-3218 CVE-2008-3219 CVE-2008-3220 CVE-2008-3221 CVE-2008-3222 CVE-2008-3223 CWE-79 CWE-89 CWE-352 CWE-384	CWE-79 CWE-89 CWE-352 CWE-384	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3)	CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3743 CVE-2008-3744 CVE-2008-3745 CWE-79 CWE-264 CWE-352 CWE-434	CWE-79 CWE-264 CWE-352 CWE-434	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.5)	CVE-2008-6170 CVE-2008-6171 CWE-22 CWE-79	CWE-22 CWE-79	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.6)	CVE-2008-6532 CVE-2008-6533 CWE-79 CWE-352	CWE-79 CWE-352	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8)	CWE-89 CWE-264	CWE-89 CWE-264	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.12)	CVE-2009-2372 CVE-2009-2373 CVE-2009-2374 CWE-79 CWE-200 CWE-264	CWE-79 CWE-200 CWE-264	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.13)	CWE-264 CWE-352 CWE-434	CWE-264 CWE-352 CWE-434	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.15)	CWE-79 CWE-264 CWE-601	CWE-79 CWE-264 CWE-601	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17)	CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 CVE-2010-3685 CVE-2010-3686 CWE-79 CWE-264	CWE-79 CWE-264	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.22)	CVE-2012-0825 CVE-2012-0826 CWE-264 CWE-352	CWE-264 CWE-352	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.26)	CVE-2012-5651 CVE-2012-5652 CVE-2012-5653 CWE-95 CWE-264	CWE-95 CWE-264	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27)	CVE-2013-0244 CVE-2013-0245 CWE-79 CWE-264	CWE-79 CWE-264	High
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.28)	CVE-2013-6385 CVE-2013-6386 CWE-95 CWE-264 CWE-330	CWE-95 CWE-264 CWE-330	High

Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10)

CVE-2007-0124

CWE-400

High

Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)

CVE-2006-5477

CWE-20

High

Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5)

CWE-20

High

Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)

CVE-2006-5475

CWE-79

High

Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)

CWE-79 CWE-113

High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)

CVE-2005-3974

CWE-264

High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)

CWE-264

High

Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)

CWE-384

High

Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)

CVE-2006-2742

CWE-89

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

CVE-2007-0626

CWE-95

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

CVE-2006-2743

CWE-95

High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)

CVE-2006-5476

CWE-352

High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)

CVE-2008-0272

CWE-352

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)

CVE-2006-2833

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2)

CVE-2006-4002

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

CVE-2007-0136

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)

CVE-2007-5596

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)

CVE-2008-0274

CWE-79

High

Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)

CVE-2007-0124

CWE-400

High

Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)

CVE-2006-5477

CWE-20

High

Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)

CVE-2007-5595

CWE-113

High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)

CVE-2006-5475

CWE-79

High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)

CVE-2007-4064

CWE-79

High

Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1)

CVE-2006-2831 CVE-2006-2832

CWE-79 CWE-95

High

Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7)

CVE-2007-5597

CWE-702

High

Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8)

CVE-2007-6299

CWE-89

High

Drupal Core 4.7.x SQL Injection (4.7.0)

CVE-2006-2742

CWE-89

High

Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)

CVE-2007-5593

CWE-95

High

Drupal Core 5.x Arbitrary Code Execution (5.0)

CVE-2007-0626

CWE-95

High

Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2)

CVE-2007-5594

CWE-352

High

Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5)

CVE-2008-0272

CWE-352

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2)

CVE-2007-5596

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5)

CVE-2008-0273

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)

CVE-2009-1575 CVE-2009-1576 CVE-2009-1844

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)

CVE-2009-1844

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.20)

CVE-2009-4369

CWE-79

High

Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2)

CVE-2007-5595

CWE-113

High

Drupal Core 5.x Information Disclosure (5.0 - 5.18)

CVE-2009-2374

CWE-200

High

Drupal Core 5.x Local File Inclusion (5.0 - 5.11)

CVE-2008-6171

CWE-22

High

Drupal Core 5.x Local File Inclusion (5.0 - 5.15)

CWE-22

High

Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)

CVE-2007-4063

CWE-352

High

Drupal Core 5.x Multiple Cross-Site Scripting Vulnerabilities (5.0 - 5.1)

CVE-2007-4064

CWE-79

High

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10)

CVE-2008-4790 CVE-2008-4791 CVE-2008-4792 CVE-2008-4793

CWE-264

High

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22)

CVE-2010-3092 CVE-2010-3093

CWE-264

High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7)

CVE-2008-3219 CVE-2008-3220 CVE-2008-3222

CWE-352 CWE-384

High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.9)

CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3744

CWE-79 CWE-352 CWE-434

High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12)

CVE-2008-6532 CVE-2008-6533

CWE-79 CWE-352

High

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.21)

CWE-79 CWE-264 CWE-601

High

Drupal Core 5.x Security Bypass (5.0 - 5.2)

CVE-2007-5597

CWE-702

High

Drupal Core 5.x Session Fixation (5.0 - 5.8)

CWE-384

High

Drupal Core 5.x Session Fixation (5.0 - 5.19)

CWE-384

High

Drupal Core 5.x SQL Injection (5.0 - 5.3)

CVE-2007-6299

CWE-89

High

Drupal Core 5.x SQL Injection (5.0 - 5.14)

CWE-89

High

Drupal Core 6.x Cross-Site Scripting (6.0 - 6.10)

CVE-2009-1575 CVE-2009-1576 CVE-2009-1844

CWE-79

High

Drupal Core 6.x Cross-Site Scripting (6.0 - 6.11)

CVE-2009-1844

CWE-79

High

Drupal Core 6.x Denial of Service (6.0 - 6.32)

CVE-2014-5265 CVE-2014-5266 CVE-2014-5267

CWE-400

High

Drupal Core 6.x Information Disclosure (6.0 - 6.30)

CVE-2014-2983

CWE-200

High

Drupal Core 6.x Local File Inclusion (6.0 - 6.9)

CWE-22

High

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14)

CVE-2009-4369 CVE-2009-4370

CWE-79

High

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.20)

CWE-79

High

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)

CVE-2008-1131 CVE-2008-1133

CWE-79

High

Drupal Core 6.x Multiple Security Bypass Vulnerabilities (6.0 - 6.4)

CVE-2008-4789 CVE-2008-4791 CVE-2008-4792

CWE-264

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.2)

CVE-2008-3218 CVE-2008-3219 CVE-2008-3220 CVE-2008-3221 CVE-2008-3222 CVE-2008-3223

CWE-79 CWE-89 CWE-352 CWE-384

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3)

CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3743 CVE-2008-3744 CVE-2008-3745

CWE-79 CWE-264 CWE-352 CWE-434

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.5)

CVE-2008-6170 CVE-2008-6171

CWE-22 CWE-79

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.6)

CVE-2008-6532 CVE-2008-6533

CWE-79 CWE-352

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8)

CWE-89 CWE-264

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.12)

CVE-2009-2372 CVE-2009-2373 CVE-2009-2374

CWE-79 CWE-200 CWE-264

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.13)

CWE-264 CWE-352 CWE-434

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.15)

CWE-79 CWE-264 CWE-601

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17)

CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 CVE-2010-3685 CVE-2010-3686

CWE-79 CWE-264

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.22)

CVE-2012-0825 CVE-2012-0826

CWE-264 CWE-352

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.26)

CVE-2012-5651 CVE-2012-5652 CVE-2012-5653

CWE-95 CWE-264

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27)

CVE-2013-0244 CVE-2013-0245

CWE-79 CWE-264

High

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.28)

CVE-2013-6385 CVE-2013-6386

CWE-95 CWE-264 CWE-330

High

High Severity Vulnerabilities

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities