Affiliation/Organization: Drupal Security Team


Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (1 vulnerability), the following statistics apply:

Min Time To Patch: 112 days
Avg Time To Patch: 112 days
Max Time To Patch: 112 days

Other Affiliations

Creditees Affiliated with Drupal Security Team have also affiliated with:

madirish.net (1)
Beyond Security's SecuriTeam Secure Disclosure (1)
Drupal (1)

Website: http://drupal.org/

Creditees currently or formerly associated with Drupal Security Team (37):
(ordered by association date)

Known Since  Name                          Vulns Through Affiliation
2010-10-29   Ivo Van Geertruyen            19
2008-04-23   Stéphane Corlosquet           7
2008-09-25   Heine Deelstra                20
2010-11-10   Dave Reid                     5
2010-11-12   catch                         2
2010-12-08   mr.baileys                    3
2011-02-02   Greg Knaddison                29
2011-02-02   Peter Wolanin                 5
2011-03-23   Dylan Wilder-Tack (grendzy)   3
2011-04-27   David Rothstein               4
2011-05-18   Justin Klein Keane            3
2011-06-29   PWolanin                      2
2012-01-11   Dylan Tack                    10
2012-01-18   Owen Barton                   1
2012-03-14   Joshua Brauer                 1
2012-03-28   Michael Hess                  9
2012-03-28   Jakub Suchy                   4
2012-03-28   Stella Power                  4
2012-03-28   Derek Wright                  3
2012-05-02   Károly Négyesi                1
2012-05-16   coltrane                      1
2012-05-30   Matt Chapman                  1
2012-06-06   John Morahan                  1
2012-07-11   Gerhard Killesreiter          1
2012-08-08   Klaus Purer                   9
2012-10-10   Hunter Fox                    6
2012-11-14   Damien Tournoud               4
2012-11-28   Fox                           1
2012-12-19   Simon Rycroft                 1
2012-12-19   Fox (hefox)                   1
2013-01-16   Lee Rowlands                  2
2013-01-23   Joris van Eijden              1
2013-06-19   David Stoline                 3
2013-11-06   Greg Knaddison (greggles)     1
2014-01-08   Neil Drumm                    1
2014-01-15   Matt Vance                    1
2014-02-05   Graham Bates                  1

Disclosed Vulnerabilities (163):

Discl. Date  OSVDB ID  CVE ID  Creditees  Title
2014-04-16 106005 Greg Knaddison
Block Search Module for Drupal Unspecified SQL Injection
2014-03-06 104084 Heine Deelstra
Mime Mail Module for Drupal Remote Path Traversal File Access
2014-02-26 103768 Heine Deelstra
Mime Mail Module for Drupal Incoming Message Authentication Key Brute Force Weakness
2014-02-12 103284 Tim Wood
Heine Deelstra
Chaos tool suite (ctools) Module for Drupal Non-node Content Access Restriction Bypass
2014-02-12 103285 Tim Wood
Heine Deelstra
Chaos tool suite (ctools) Module for Drupal Relationship Plugin Content Display Access Restriction Bypass
2014-02-12 103287 Stella Power
FileField Module for Drupal Revision File Attachment Permission Verification Private File Disclosure
2014-02-05 102906 Michael Hess
Tagadelic Module for Drupal Unspecified Node Information Disclosure
2014-02-05 102954 Graham Bates
Push Notifications Module for Drupal Authentication Certificates Remote Disclosure
2014-01-22 102375 Heine Deelstra
Secure Cookie Data Module for Drupal HMAC Verification Bypass Cookie Manipulation Weakness
2014-01-22 102376 Heine Deelstra
Jonathan Kuma
Secure Cookie Data Module for Drupal Default Hardcoded HMAC Key
2014-01-15 102125 2014-1476 Matt Vance
Damien Tournoud
Drupal Taxonomy Module Listing Pages Unpublished Content Disclosure
2014-01-08 101908 2014-1399 Neil Drumm
Entity API Module for Drupal Entity Wrapper Access API Referenced Entity Access Check Information Disclosure
2014-01-08 101893 robearls
Dave Reid
Media Module for Drupal File Import Remote File Disclosure
2013-11-21 100031 Lee Rowlands
Miguel Jacq
artfulrobot
Dave Fletcher
Drupal .htaccess Code Execution Prevention Bypass
2013-11-20 100032 Heine Deelstra
Drupal drupal_valid_token() Function Security Token Validation Bypass
2013-11-20 100037 2013-6386 David Stoline
Drupal mt_rand() Function Predictable Seed Insecure Random Number Generator Weakness
2013-11-20 100036 2013-6385 Heine Deelstra
Drupal Third-Party Form Validation Callback Handling CSRF Protection Bypass
2013-11-20 100035 2013-6389 Stéphane Corlosquet
Sebastian Nerz
Drupal Overlay Module Admin Page URL Handling Arbitrary Site Redirect
2013-11-06 99522 Herman van Rink (helmo)
Clemens Tolboom (clemens.tolboom)
Greg Knaddison (greggles)
Payment for Webform Module for Drupal Form Submission Anonymous User Payment Hijacking
2013-10-23 98887 2013-4498 Hunter Fox
Spaces OG Module for Drupal New Group Content Access Restriction Bypass
2013-10-16 98627 2013-4446 Heine Deelstra
Context Module for Drupal AJAX Operation Path URL Argument Handling Remote Code Execution
2013-10-16 98626 2013-4445 Heine Deelstra
Context Module for Drupal JSON Block Rendering Access Token Generation Weakness
2013-09-11 97204 2013-5938
2013-4381
Greg Knaddison
Click2Sell Suite Module for Drupal Confirmation Form Reflected XSS
2013-09-11 97203 2013-5937
2013-4382
Greg Knaddison
Click2Sell Suite Module for Drupal Database Information Deletion CSRF
2013-08-07 96056 2013-4227 Heine Deelstra
Persona Module for Drupal CSRF Protection Bypass
2013-08-07 96062 2013-4228 Nic Ivy
Hunter Fox
Organic Groups Module for Drupal Private Group Node ID Subscription Weakness
2013-08-07 96063 2013-4228 Nic Ivy
Hunter Fox
Organic Groups Module for Drupal Visibility Field Handling Node Exposure
2013-07-24 95625 2013-4174
2013-5315
Klaus Purer
Klaus Purer
Scald Module for Drupal Atom Properties XSS
2013-07-17 95453 Michael Hess
MRBS Module for Drupal Unspecified CSRF
2013-07-17 95452 Michael Hess
MRBS Module for Drupal Unspecified SQL Injection
2013-06-19 94435 2013-2197 David Stoline
Heine Deelstra
Login Security Module for Drupal Delay Feature Authentication Saturation Remote DoS
2013-06-19 94434 2013-2198 David Stoline
Heine Deelstra
Login Security Module for Drupal Unspecified Authentication Bypass
2013-06-05 93980 2013-2158 Klaus Purer
Fredrik Lassen
Services Module for Drupal Unspecified CSRF
2013-05-15 93407 2013-4177 Ivo Van Geertruyen
Lode Vanstechelman
Google Authenticator login Module for Drupal Account Name Handling Remote Bypass
2013-05-15 95851 2013-4178 Ivo Van Geertruyen
Lode Vanstechelman
Google Authenticator login Module for Drupal One-time Password (OTP) Replay Authentication Bypass
2013-04-16 92533 2013-1972 Greg Knaddison
elFinder file manager Module for Drupal File Manipulation CSRF
2013-04-10 92259 2013-1946 Dylan Tack
RESTful Web Services for Drupal Cache Poisoning Remote DoS
2013-04-03 91986 2013-1925 Greg Knaddison
Cash Williams
Chaos tool suite (ctools) Module for Drupal Node Title Disclosure
2013-02-27 90683 2013-1785 Greg Knaddison
Premium Responsive Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90681 2013-1787 Greg Knaddison
Simple Corporate Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90682 2013-1786 Greg Knaddison
Company Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90684 2013-1784 Greg Knaddison
Clean Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90685 2013-1783 Greg Knaddison
Business Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90688 2013-1782 Greg Knaddison
Responsive Blog Theme for Drupal Social Icon Unspecified XSS
2013-02-27 90686 2013-1781 Greg Knaddison
Professional Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90689 2013-1778 Greg Knaddison
Creative Theme for Drupal Social Icon Unspecified XSS
2013-02-27 90687 2013-1779 Greg Knaddison
Fresh Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90690 2013-1780 Greg Knaddison
Best Responsive Theme for Drupal Social Icon Unspecified XSS
2013-02-20 90560 2013-0325 Ivo Van Geertruyen
Varnish HTTP Accelerator Integration Module for Drupal Configuration Settings XSS
2013-02-20 90514 2013-0323 Stéphane Corlosquet
Display Suite Module for Drupal Unspecified XSS
2013-02-13 90223 2013-0317 Michael Hess
Manager Change for Organic Groups Module for Drupal Username XSS
2013-01-23 89535 2013-0225 Klaus Purer
User Relationships Module for Drupal Relationship Names Field XSS
2013-01-23 89570 2013-0224 Joris van Eijden
Video Module for Drupal Temporary File Content Handling Remote Code Execution
2013-01-16 89308 2013-0207 Lee Rowlands
Mark Complete Module for Drupal Unspecified CSRF
2013-01-16 89306 2013-0244 t.ashula
David Rothstein
Drupal DOM Element Selection Unspecified XSS
2012-12-19 88526 2012-5655 Fox (hefox)
Context Module for Drupal Crafted Request Block Content Disclosure
2012-12-19 88528 2012-5651 Derek Wright
Drupal Search Results Blocked User Information Disclosure
2012-12-19 88527 2012-5652 Simon Rycroft
Damien Tournoud
Drupal Upload File Information Disclosure
2012-11-29 97865 Damien Tournoud
Symfony Request::getClientIp() Method IP Access Control Bypass Weakness
2012-11-28 87979 2012-5590 Fox
Webmail Plus Module for Drupal Unspecified SQL Injection
2012-11-14 87407 2012-5556 Damien Tournoud
Klaus Purer
RESTful Web Services Module for Drupal Unspecified CSRF
2012-10-24 87785 2012-5548 Dylan Riordan
Greg Knaddison
Time Spent Module for Drupal Unspecified XSS
2012-10-24 87784 2012-5549 Dylan Riordan
Greg Knaddison
Time Spent Module for Drupal Unspecified CSRF
2012-10-24 87786 2012-5550 Dylan Riordan
Greg Knaddison
Time Spent Module for Drupal Unspecified SQL Injection
2012-10-17 86430 2012-4553 Heine Deelstra
Heine Deelstra
Noam Rathaus
Drupal Reinstallation Arbitrary PHP Code Execution
2012-10-17 87780 2012-5547 Ivo Van Geertruyen
Search API Module for Drupal Search Index Enabling CSRF
2012-10-10 86163 2012-5570 Hunter Fox
Basic webmail Module for Drupal Permission Weakness User Email Disclosure
2012-10-10 86164 2012-5569 Hunter Fox
Basic webmail Module for Drupal Page Title XSS
2012-10-10 86162 2012-5569 Hunter Fox
Basic webmail Module for Drupal Emails XSS
2012-10-03 85892 2012-5542 Ivo Van Geertruyen
Commerce extra panes Module for Drupal Pane Manipulation CSRF
2012-10-03 87776 2012-5540 Klaus Purer
Hostip Module for Drupal Unspecified XSS
2012-09-08 85658 2012-6576 Klaus Purer
PRH Search Module for Drupal PRH (Patentti- ja Rekisterihallitus) Database XSS
2012-09-04 85188 Greg Knaddison
Heartbeat Module for Drupal Comment Posting CSRF
2012-08-29 85065 Derek Wright
John Pret
Views Module for Drupal Global User Object Handling Remote Privilege Escalation
2012-08-28 85053 2012-4500 Michael Hess
Announcements Module for Drupal Node Access Restriction Bypass
2012-08-28 85051 Klaus Purer
Javascript Tool Module for Drupal File Name Verification File Access Restriction Bypass
2012-08-10 84748 2012-4497 Greg Knaddison
Elegant Theme for Drupal 3 Slide Gallery Unspecified XSS
2012-08-08 84527 2012-4493 Klaus Purer
Better Revisions Module for Drupal Unspecified XSS
2012-07-25 84251 2012-4486 Stella Power
Subuser Module for Drupal Parent / Subuser Privilege Swap CSRF
2012-07-25 87213 2012-4487 Stella Power
Subuser Module for Drupal 'Switch Subuser' Permission Check Weakness
2012-07-11 83718 2012-4474 Gerhard Killesreiter
Colorbox Node Module for Drupal Unspecified Script Multiple Parameter XSS
2012-07-11 86879 2012-4482 Dylan Tack
Ubercart SecureTrading Payment Method Module for Drupal Item Purchase Payment Bypass
2012-06-20 88144 2012-4468 Dave Reid
Privatemsg Module for Drupal Private Message User Name XSS
2012-06-13 82957 2012-3798 Peter Wolanin
Janrain Capture Module for Drupal Local User Account Creation Password Generation Brute Force Weakness
2012-06-13 82958 2012-2727 Peter Wolanin
Janrain Capture Module for Drupal User Data Synchronization Arbitrary Site Redirect
2012-06-13 83032 2012-2728 Dylan Tack
Node Hierarchy Module for Drupal Child Hierarchy Manipulation CSRF
2012-06-06 82727 2012-2720 John Morahan
Tokenauth Module for Drupal User Session Reverting Weakness Request Privilege Escalation
2012-05-30 82434 2012-2716 Dylan Tack
Comment Moderation Module for Drupal Comment Publishing CSRF
2012-05-30 82433 2012-2715 Peter Wolanin
Matt Chapman
Amadou Theme for Drupal template.php themes_links() Function Link List Class Addition XSS
2012-05-23 82164 2012-2711 Dylan Wilder-Tack (grendzy)
Taxonomy List Module for Drupal Taxonomy Term Manipulation Taxonomy Information XSS
2012-05-16 82006 2012-2705 coltrane
Smart Breadcrumb Module for Drupal filter_titles() Function Title Field XSS
2012-05-16 82007 2012-2907
2012-2709
Jakub Suchy
Aberdeen Theme for Drupal template.php aberdeen_breadcrumb Function Content Title XSS
2012-05-16 83368 2012-2707 Ivo Van Geertruyen
Hostmaster (Aegir) Module for Drupal Package/Task Exit Access Bypass Node Editing Weakness
2012-05-16 83369 2012-2710 Jakub Suchy
Zen Module for Drupal Breadcrumb Content Title XSS
2012-05-09 81793 2012-2339
2012-2699
Dylan Wilder-Tack (grendzy)
Glossary Module for Drupal Taxonomy Information Unspecified XSS
2012-05-02 81679 2012-1589 Károly Négyesi
Katsuhiko Nakanishi
Drupal Submitted Form Destination Validation Data Redirection Information Disclosure
2012-05-02 84332 2012-2308 Dylan Tack
Taxonomy Grid : Catalog Module for Drupal Unspecified XSS
2012-05-02 84331 2012-2307 Michael Hess
Addressbook Module for Drupal Unspecified CSRF
2012-05-02 84330 2012-2306 Michael Hess
Addressbook Module for Drupal Unspecified SQL Injection
2012-04-25 81635 2012-2298 Gabor Szanto
Dave Reid
RealName Module for Drupal User Real Name Unspecified XSS
2012-04-25 81555 2012-2302 Jakub Suchy
Site Documentation (Sitedoc) Module for Drupal Site Structure Information Disclosure
2012-04-18 81203 2012-2116 Ivo Van Geertruyen
Commerce Reorder Module for Drupal Shopping Cart Item Addition CSRF
2012-04-06 85233 2012-1635 Dave Reid
Adam Bramley
Revisioning Module for Drupal hook_node_access Function Access Restriction Bypass
2012-04-04 80958 2012-2296 Peter Wolanin
Janrain Engage Module for Drupal Sensitive Data Retention Weakness
2012-03-28 80669 2012-2075 Stella Power
Contact Save Module for Drupal Unspecified XSS
2012-03-28 80673 2012-2070 Justin Klein Keane
MultiBlock Module for Drupal Block Title XSS
2012-03-28 80677 2012-2074 Derek Wright
Ubercart Views Module for Drupal Default View Information Disclosure
2012-03-28 80680 2012-2083 Jakub Suchy
Justin Emond
Rick Manelius
Abhishek Nagar
Chris Lee
Fusion Theme for Drupal fusion_core/template.php fusion_core_preprocess_page() Function q Parameter XSS
2012-03-28 80684 2012-2080 Ivo Van Geertruyen
Node Limit Number Module for Drupal Existing Limit Removal CSRF
2012-03-28 80685 2012-2154 Michael Hess
CDN2 Video Module for Drupal Unspecified XSS
2012-03-28 80686 2012-2155 Michael Hess
CDN2 Video Module for Drupal Form API Unspecified CSRF
2012-03-28 80674 2012-2071 Ivo Van Geertruyen
Contact Forms Module for Drupal Page Title and Additional Information XSS
2012-03-28 80676 2012-2073 David Rothstein
Bundle Copy Module for Drupal Use PHP for Settings Permission Weakness Remote PHP Code Execution
2012-03-28 80682 Justin Klein Keane
Ivo Van Geertruyen
Activity Module for Drupal admin/settings/activity/commentactivity Multiple Parameter XSS
2012-03-28 80683 Justin Klein Keane
Ivo Van Geertruyen
Activity Module for Drupal Activity Removal CSRF
2012-03-14 80079 2012-2066 Heine Deelstra
CKEditor / FCKeditor Module for Drupal AJAX Callback Filter XSS Protection Bypass
2012-03-14 80080 2012-2067 Heine Deelstra
CKEditor / FCKeditor Module for Drupal Unspecified PHP Code Execution
2012-03-14 80195 2012-2058 Dylan Tack
Ubercart Payflow Link Module for Drupal Unspecified Payment Forgery Weakness
2012-03-14 80197 2012-2060 Ivo Van Geertruyen
Admin tools Module for Drupal Unspecified XSS
2012-03-14 80196 2012-2061 Ivo Van Geertruyen
Admin tools Module for Drupal Unspecified CSRF
2012-03-14 80137 2012-2063 Joshua Brauer
Slidebox Module for Drupal Node Content Information Disclosure
2012-03-07 79853 2012-1659 Dylan Tack
Node Recommendation Module for Drupal Unspecified XSS
2012-02-29 79712 2012-1648 Ivo Van Geertruyen
Cool Aid Module for Drupal Custom Help Messages Unspecified XSS
2012-02-15 79317 2012-1645 Ivo Van Geertruyen
CDN Module for Drupal PHP File Source Code Disclosure
2012-02-01 78746 2012-0826 Dylan Tack
Drupal Aggregator Feed Update DoS CSRF
2012-02-01 78747 2012-0827 David Rothstein
Sascha Grossenbacher
Drupal File Module Arbitrary File Access
2012-02-01 78817 2012-1056 Greg Knaddison
Forward Module for Drupal Multiple Block Access Permission Weakness Node Title Disclosure
2012-02-01 79329 2012-1057 Greg Knaddison
Forward Module for Drupal Node Ranking Increase CSRF
2012-01-25 78528 2012-1639 Ivo Van Geertruyen
Drupal Commerce Module for Drupal Multiple Field XSS
2012-01-18 78450 2012-5233 Greg Knaddison
stickynote Module for Drupal Note Editing XSS
2012-01-18 78451 2012-1636 Greg Knaddison
stickynote Module for Drupal Note Deletion CSRF
2012-01-18 78366 Owen Barton
Michael Smith
Quick Tabs Module for Drupal Tabbed Content Manipulation XSS
2012-01-11 78265 2012-1633 Greg Knaddison
Password Policy Module for Drupal User Unblocking CSRF
2012-01-11 78261 2012-1626 Greg Knaddison
Date Module for Drupal Event Module Date Field Node Conversion SQL Injection
2012-01-11 78266 2012-1632 Greg Knaddison
Password Policy Module for Drupal Password Policy Creation Policy Name Field XSS
2012-01-11 85697 2012-1631 Ivo Van Geertruyen
Admin:hover Module for Drupal Unspecified CSRF
2012-01-11 85695 2012-1629 Dylan Tack
Taxotouch Module for Drupal Unspecified XSS
2012-01-11 85694 2012-1630 Dylan Tack
Taxonomy Navigator Module for Drupal Unspecified XSS
2012-01-05 82463 Heine Deelstra
CKEditor Module for Drupal Comment Preview XSS
2011-06-29 73640 PWolanin
Secure Password Hashes (phpass) Module for Drupal Brute Force Password Reset Link Disclosure
2011-06-29 73641 PWolanin
Secure Password Hashes (phpass) Module for Drupal Password Reset Link Persistence Password Manipulation
2011-05-25 72829 Heine Deelstra
Drupal Error Handler URI XSS
2011-05-18 72408 Justin Klein Keane
Webform Module for Drupal New Webform Field name Parameter XSS
2011-05-18 72409 Justin Klein Keane
Webform Module for Drupal Webform File Upload Filename XSS
2011-04-27 72096 David Rothstein
Save Draft Module for Drupal Form Action Validation Access Restriction Bypass
2011-03-23 71839 Dylan Wilder-Tack (grendzy)
Webform Block Module for Drupal Webform Block Title Unspecified XSS
2011-03-16 71199 Greg Knaddison
Tagadelic Module for Drupal Listing Pages Taxonomy XSS
2011-02-02 70764 Heine Deelstra
Peter Wolanin
Droptor Module for Drupal Unspecified SQL Injection
2011-02-02 70768 Greg Knaddison
Chatroom Module for Drupal Multiple Admin Function CSRF
2010-12-15 69999 mr.baileys
Drupal for Firebug Module for Drupal Arbitrary PHP Code Execution CSRF
2010-12-08 69748 mr.baileys
Who Bought What|Ubercart Module for Drupal Unspecified XSS
2010-12-08 69746 mr.baileys
Who Bought What|Ubercart Module for Drupal Mode Access Restriction Bypass
2010-11-12 69235 recrit
catch
Node Relativity Module for Drupal Unspecified CSRF
2010-11-12 69234 recrit
catch
Node Relativity Module for Drupal Unspecified Node Information Disclosure
2010-11-10 69145 2010-4813 Dave Reid
Category Tokens Module for Drupal Token Help Vocabulary Names XSS
2010-10-29 68925 Ivo Van Geertruyen
Watcher Module for Drupal Unspecified XSS
2010-10-29 68926 Ivo Van Geertruyen
Watcher Module for Drupal Multiple Function CSRF
2008-09-25 48520 2008-5999 Heine Deelstra
Ajax Checklist Module for Drupal Unspecified XSS
2008-04-24 44637 2008-1976 Stéphane Corlosquet
Internationalization (i18n) Module for Drupal Unspecified XSS
2008-04-24 44639 2008-1977 Stéphane Corlosquet
Internationalization (i18n) Module for Drupal Node Translation Unspecified CSRF
2008-04-24 44638 2008-1976 Stéphane Corlosquet
Localizer Module for Drupal Unspecified XSS
2008-04-23 44640 2008-1981 Stéphane Corlosquet
Drupal E-Publish Module Multiple Unspecified CSRF
2008-04-23 44641 2008-1980 Stéphane Corlosquet
E-Publish Module for Drupal Unspecified XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2014 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.