What is the drupal CNA?
drupal is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 279 CVE records since 2017.
How many CVEs has drupal published?
drupal has published 279 CVE records, including 226 in the last two years.
What is drupal's CVE data quality grade?
RadicalNotion.AI grades drupal's CVE data quality as C, with an overall completeness score of 70.5%. This reflects how consistently its CVE records include vendor (98.9%), product (99.6%), CVSS (2.2%), and CWE (81.4%) information.
What products does drupal publish CVEs for?
drupal most frequently publishes CVEs for Drupal, drupal/core, Drupal Core, drupal/drupal, Core.
Which vendors does drupal cover?
drupal publishes CVEs across 3 distinct vendors, most often Drupal, Packagist:https://packages.drupal.org/8, composer, Packagist, Bitnami.
Is drupal actively publishing CVEs?
drupal is currently active, based on 226 CVEs in the last two years.
What is the average severity of drupal's CVEs?
The average CVSS base score across drupal's scored CVEs is 6.7.
How many critical CVEs has drupal published?
drupal has published 26 critical-severity CVEs and 62 high-severity CVEs.
Are any of drupal's CVEs in CISA's Known Exploited Vulnerabilities catalog?
Yes. 5 of drupal's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
What are the most common weakness types in drupal's CVEs?
drupal's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-863 (Incorrect Authorization), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-862 (Missing Authorization).
How does drupal rank among CNAs?
By total CVE volume, drupal ranks #72 of 370 CNAs, and it reports more complete CVE records than 20% of all CNAs.
