The Drupal Security Team announced a moderately critical Cross-site Scripting-SA-CONTRIB-2022-011 Vulnerability in Navbar module in Drupal 7on January 25th, 2022.
Critical Access bypass, Information Disclosure, and Multiple Vulnerabilities in the Private Taxonomy Terms module SA-CONTRIB-2022-014 was announced on January 26th, 2022
A Drupal security advisory was announced against a moderately critical XSS vulnerability (SA-CONTRIB-2022-004) in the vendor library, jQuery UI, on January 19th, 2022
The Drupal security team announced a moderately critical cross site scripting (XSS) vulnerability SA-CONTRIB-2022-003 in WYSIWYG Drupal 7 on 2022, January 5th.
Drupal security team announced a moderately critical access bypass vulnerability SA-CONTRIB-2022-002 in Simple OAuth (OAuth2) & OpenID Connect on 2022, January 5th.
The Drupal security team has announced a critical access bypass vulnerability SA-CONTRIB-2022-001 in the Super Login module in Drupal 8, posted on 2022, January 5th.
The Drupal security team has issued on December 8th, 2021 critical cross-site scripting (XSS) and access bypass vulnerability for webform (SA-CONTRIB-2021-045).
CKEditor has released a security update SA- Core-2021-011 that impacts Drupal. The issue, dated November 17, 2021, is classified as a moderately critical cross-site scripting (XSS) vulnerability.