Drupal Association
Security Scorecard
Score
81C
Total CVEs
18
Patch Rate
78%
14 patched
Avg Response
56d
days to patch
Critical Gaps
0
exploitable, no detection
Severity Breakdown
Critical1
High3
Medium14
Low0
Patch Status
Patched14 (78%)
Partial/Workaround0 (0%)
Unpatched4 (22%)
CVEs (18)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-14840 | Drupal HTTP Client Manager Vulnerability | High | 7.5 | - | Patched |
| CVE-2025-13983 | Drupal Tagify XSS | Medium | 5.4 | - | Patched |
| CVE-2025-13982 | Drupal Login Time Restriction CSRF | High | 8.1 | 1d | Unpatched |
| CVE-2025-12848 | - | Medium | 6.1 | 19d | Unpatched |
| CVE-2025-12760 | - | Medium | 5.4 | 27d | Patched |
| CVE-2025-13081 | - | Medium | 5.9 | 27d | Patched |
| CVE-2025-13082 | - | Medium | 4.3 | 27d | Patched |
| CVE-2025-13080 | - | Medium | 5.3 | 27d | Patched |
| CVE-2025-10927 | - | Medium | 6.1 | 50d | Patched |
| CVE-2025-12083 | - | Medium | 6.1 | 50d | Patched |