- How many CVEs does project have?
- project has 224 published CVE records since 2021, including 223 in the last two years.
- How many project CVEs are in CISA KEV?
- Yes — 1 of project's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which project products have the most CVEs?
- The project products with the most published CVEs are drupal, ai, social, miniorange_2fa, canvas.
- What are the most common weakness types in project CVEs?
- project's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization).
- Are there public exploits for project vulnerabilities?
- Yes — 4 of project's CVEs have a known public exploit.
- How many critical project vulnerabilities are there?
- project has 16 critical and 47 high-severity CVEs.
- What is the average severity of project CVEs?
- The average CVSS base score across project's scored CVEs is 6.2.