Security Review
Created on 4 November 2009,
over 15 years ago
Maintained by
🇭🇺
Hungary
banviktor
🇺🇸
United States
coltrane
🇺🇸
United States
dsnopek
🇺🇸
United States
greggles
🇺🇸
United States
smustgrave
🇺🇸
United States
55%
🇫🇷
France
12%
🇩🇪
Germany
11%
🇮🇳
India
9%
🇳🇱
Netherlands
4%
🏴☠️
3%
🇮🇹
Italy
1%
🇯🇴
Jordan
1%
🇵🇹
Portugal
1%
🇩🇰
Denmark
1%
🇪🇸
Spain
1%
Top 10 contributors
Mobomo
50%
🇺🇸
@smustgrave
@mdranove
Insite
12%
🇫🇷
@prudloff
Nodegard
5%
🇩🇪
@c-logemann
iO
4%
🇳🇱
@eelkeblok
Srijan | A Material+ Company
3%
🇮🇳
@arunkumark
EPAM Systems
3%
🇮🇳
@gaurav_manerkar
LakeDrops
3%
🇩🇪
@jurgenhaas
Virasat Solutions
3%
🇮🇳
@abhishek_virasat
QED42
1%
🇮🇳
@harivenuv
Vardot
1%
🇯🇴
@Rajab Natshah
+3
and 3 other organisations
Merkle
🇵🇹
@guilherme-lima-almeida
Ardea
🇩🇰
@ressa
NTT DATA
🇪🇸
@programeta
and 3 individuals
( 12% )
🇩🇪
@gngn
🇺🇸
@greggles
🇮🇹
@apaderno
Merge Requests
!83
Fields::getDetails() can return a TranslatableMarkup object
Open
🇫🇷
France
prudloff
updated
2 days ago
!82
Resolve #3523094 "In valid array"
Open
🇮🇳
India
arunkumark
updated
about 2 months ago
!81
Add "restrict access" to the "access security review list" permission
Open
🇫🇷
France
prudloff
updated
4 months ago
!80
Headers check should be lowercase
Open
mdranove
updated
7 months ago
!79
Add test for adminPermission Plugin + start testbase
Merged
🇺🇸
United States
smustgrave
updated
7 months ago
!78
TypeError: Drupal\user\UserAuthentication::authenticateAccount(): Argument #1 (closed) ($account) must be of type Drupal\user\UserInterface, bool given
Closed
🇩🇪
Germany
jurgenhaas
updated
8 months ago
Issues
🐛
Fields::getDetails() can return a TranslatableMarkup object
Active
Code
Created
2 days ago
v3.1
🇫🇷
France
prudloff
2 days ago
📌
Add "restrict access" to the "access security review list" permission
Active
Code
Created
7 months ago
v3.1
🇫🇷
France
prudloff
14 days ago
🐛
In valid array in Security.php on scan null given in in_array()
Active
Code
Created
about 2 months ago
v2.0
🇮🇳
India
arunkumark
about 2 months ago
✨
Check for CSP on private and public SVG files
Active
Code
Created
7 months ago
v3.1
🇺🇸
United States
greggles
4 months ago
🐛
TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given in array_key_exists() (line 203 of modules/contrib/security_review/src/SecurityReview.php).
Active
Code
Created
8 months ago
v3.0
quilx
5 months ago
🐛
Headers check should be lowercase
Active
Code
Created
7 months ago
v3.1
mdranove
5 months ago
📌
Move from state API tot dedicated key/value collection
Active
Code
Created
8 months ago
v3.1
🇳🇱
Netherlands
eelkeblok
5 months ago
🐛
AJAX HTTP Error During Security Review Analysis and Multiple Errors on Settings Page
Active
Code
Created
6 months ago
v3.1
phdi
6 months ago
🐛
False Negative for Writeable .htaccess on NGINX
Fixed
Code
Created
over 10 years ago
v1.0
🇺🇸
United States
populist
6 months ago
✨
Use drupal.org date format, not US
Active
User interface
Created
11 months ago
v3.0
🇩🇰
Denmark
ressa
6 months ago
📌
Add test for adminPermission Plugin + start testbase
Active
Code
Created
7 months ago
v3.1
🇺🇸
United States
smustgrave
7 months ago
🐛
Long field names which are shortened by Drupal doesn't work.
Needs review
Code
Created
almost 5 years ago
v2.0
🇵🇭
Philippines
dsdeiz
7 months ago
🌱
Add better test coverage per check
Active
Code
Created
8 months ago
v3.1
🇺🇸
United States
smustgrave
7 months ago
🐛
file check is problematic "green" when not test with chmod
Active
Code
Created
about 1 year ago
v3.0
🇩🇪
Germany
c-logemann
7 months ago
🐛
TypeError: Drupal\user\UserAuthentication::authenticateAccount(): Argument #1 (closed) ($account) must be of type Drupal\user\UserInterface, bool given
Active
Code
Created
8 months ago
v3.1
🇩🇪
Germany
jurgenhaas
7 months ago
🐛
Once failed but skipped checks shown as warning on status page
Active
Code
Created
8 months ago
v3.0
🇩🇪
Germany
gngn
7 months ago
🐛
Udpate 3.04 > 3.1.0
Active
Miscellaneous
Created
8 months ago
v3.1
🇫🇷
France
chsdaiguil
8 months ago
📌
Validate schema
Active
Code
Created
9 months ago
v3.0
🇺🇸
United States
smustgrave
8 months ago
🐛
Problem with Mail Login
Active
Code
Created
12 months ago
v3.0
🇩🇪
Germany
drupalbubb
8 months ago
💬
Hashes in dangerous tags in content exclude list not working
Active
Code
Created
9 months ago
v3.0
mjansen30
8 months ago
🐛
Drush command does not display checks anymore
Needs review
Code
Created
12 months ago
v3.0
🇫🇷
France
prudloff
8 months ago
✨
"Safe file system permissions" should test the ownership of files and directories
Closed: outdated
Code
Created
almost 10 years ago
v1.0
🇩🇪
Germany
c-logemann
9 months ago
🐛
CLI/Drush cannot do file checks directly
Active
Code
Created
about 1 year ago
v3.0
🇩🇪
Germany
c-logemann
9 months ago
🐛
Checks using sub requests with guzzle get wrong results in basic auth systems
Active
Code
Created
about 1 year ago
v3.0
🇩🇪
Germany
c-logemann
9 months ago
✨
Whitelist views/displays in View access check
Needs review
Code
Created
about 4 years ago
v3.0
🇩🇪
Germany
gngn
9 months ago
🐛
Fix fatal error when pressing Run checklist button
Fixed
Code
Created
11 months ago
v3.0
🇯🇴
Jordan
Rajab Natshah
11 months ago
🐛
views_access check is broken
Fixed
Code
Created
12 months ago
v3.0
🇫🇷
France
prudloff
11 months ago
🐛
Private files path is not detected correctly
Fixed
Code
Created
12 months ago
v3.0
🇫🇷
France
prudloff
11 months ago
🐛
[error] Message: Error executable_php, access was denied to the file.
Fixed
Code
Created
about 1 year ago
v3.0
🇪🇬
Egypt
mahmoudsayed96
11 months ago
🐛
Call to undefined method Drupal\security_review\Plugin\SecurityCheck\AdminPermissions::isSkipped()
Fixed
Code
Created
12 months ago
v3.0
🇫🇷
France
prudloff
11 months ago
🐛
Message TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given in array_key_exists()
Closed: outdated
Code
Created
over 1 year ago
v3.0
Darsana Prasad
11 months ago
✨
Skip admin_user check if "security.enable_super_user" is false
Fixed
Code
Created
about 1 year ago
v3.0
🇫🇷
France
prudloff
12 months ago
🐛
PrivateFiles check may fail or give misleading results for alternate stream wrappers
Fixed
Code
Created
almost 2 years ago
v3.0
🇺🇸
United States
muriqui
12 months ago
🐛
Get server uid function return unexpected type null
Fixed
Code
Created
about 1 year ago
v3.0
🇪🇬
Egypt
mahmoudsayed96
12 months ago
🐛
unintended commited timestamp in IGNOREME.txt
Fixed
Code
Created
about 1 year ago
v3.0
🇩🇪
Germany
c-logemann
about 1 year ago
📌
Remove drush.inc file
Fixed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
smustgrave
about 1 year ago
✨
Add the ability to hush specific fields for "Unsafe file extensions allowed in uploads" check
Fixed
Code
Created
over 2 years ago
v3.0
🇺🇸
United States
jenlampton
about 1 year ago
🐛
Only check default view access if it is used
Fixed
Code
Created
almost 4 years ago
v2.0
🇺🇸
United States
douggreen
about 1 year ago
🐛
Required parameter $check_name follows optional parameter
Fixed
Code
Created
almost 3 years ago
v1.3
🇺🇸
United States
scott_earnest
about 1 year ago
🐛
Refactor trusted hosts check
Fixed
Code
Created
over 6 years ago
v2.0
🇺🇸
United States
timwood
about 1 year ago
📌
Unused variable $test.
Closed: outdated
Code
Created
about 2 years ago
v2.0
🇮🇳
India
arti_parmar
about 1 year ago
📌
Automated Drupal 10 compatibility fixes
Fixed
Code
Created
about 3 years ago
v1.0
project update bot
about 1 year ago
📌
Fix the issues reported by phpcs
Closed: won't fix
Code
Created
almost 2 years ago
v2.0
🇮🇳
India
indrapatil
about 1 year ago
📌
\Drupal calls should be avoided in classes, use dependency injection instead
Closed: works as designed
Code
Created
over 1 year ago
v3.0
🇮🇳
India
chaitanyadessai
about 1 year ago
📌
hook_help function missing in .module file
Closed: won't fix
Code
Created
over 2 years ago
v2.0
🇮🇳
India
jay jangid
about 1 year ago
🐛
[error] TypeError: Drupal\security_review\SecurityReview::getServerUid(): Return value must be of type int, null returned
Closed: duplicate
Code
Created
about 1 year ago
v3.0
🇩🇪
Germany
c-logemann
about 1 year ago
📌
Batchify and optimize field scan (dangerous tags in content)
Fixed
Code
Created
over 1 year ago
v3.0
🇳🇱
Netherlands
eelkeblok
about 1 year ago
📌
Automated Drupal 11 compatibility fixes for security_review
Fixed
Code
Created
over 1 year ago
v3.0
project update bot
about 1 year ago
🐛
After upgrading from 2.x to 3.x skipped config is null
Closed: outdated
Code
Created
over 1 year ago
v3.0
🇨🇴
Colombia
jucedogi
about 1 year ago
🐛
Can't uninstall
Closed: works as designed
Code
Created
over 1 year ago
v2.0
🇫🇷
France
erwangel
about 1 year ago
🌱
META 3.0.0
Fixed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
smustgrave
over 1 year ago
📌
Scan freezes on File permissions. Guzzle Error
Fixed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
chucksimply
over 1 year ago
📌
Port views access batch to new plugin mechanism
Fixed
Code
Created
over 1 year ago
v3.0
🇳🇱
Netherlands
eelkeblok
over 1 year ago
📌
Port upload extensions batch to new plugin mechanism
Fixed
Code
Created
over 1 year ago
v3.0
🇳🇱
Netherlands
eelkeblok
over 1 year ago
🐛
State should be cleaned on uninstall
Fixed
Code
Created
over 1 year ago
v3.0
🇳🇱
Netherlands
eelkeblok
over 1 year ago
📌
A more specific state variable should be used for storing the last run time
Fixed
Code
Created
over 1 year ago
v3.0
🇳🇱
Netherlands
eelkeblok
over 1 year ago
🐛
name / passwords check not working as expected
Fixed
Code
Created
over 1 year ago
v3.0
codaBAM
over 1 year ago
🐛
Warning: Undefined array key "result" in security_review_requirements() (line 51 of security_review.install)
Fixed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
adrianm6254
over 1 year ago
📌
Move batch functionality into check plugin
Fixed
Code
Created
over 1 year ago
v3.0
🇳🇱
Netherlands
eelkeblok
over 1 year ago
📌
Reduce number of dependencies in SecurityCheckBase
Fixed
Code
Created
over 1 year ago
v3.0
🇳🇱
Netherlands
eelkeblok
over 1 year ago
🐛
State should be cleaned on uninstall
Fixed
Code
Created
over 1 year ago
v2.0
🇳🇱
Netherlands
eelkeblok
over 1 year ago
🐛
security_review.checks.yml fails blt yaml validation
Closed: works as designed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
loopy1492
over 1 year ago
✨
Include check for X-Frame-Options header/click-jacking
Fixed
Code
Created
over 11 years ago
v2.0
🇺🇸
United States
cashwilliams
over 1 year ago
📌
Readd and update tests
Fixed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
smustgrave
over 1 year ago
🌱
[Meta] - Hush Check
Fixed
Code
Created
over 2 years ago
v3.0
🇺🇸
United States
smustgrave
over 1 year ago
📌
"Files writable by the server"-Repair instructions should NOT be server specific
Fixed
User interface
Created
over 7 years ago
v3.0
🇺🇸
United States
TynanFox
over 1 year ago
📌
Make security checks into plugins
Fixed
Code
Created
over 9 years ago
v3.0
🇺🇸
United States
dsnopek
over 1 year ago
✨
Explore additional ways to load large number of items
Fixed
Code
Created
about 2 years ago
v3.0
🇺🇸
United States
smustgrave
over 1 year ago
🐛
Error: Call to a member function isAdmin() on null in Drupal\security_review\Security->rolePermissions()
Fixed
Code
Created
almost 6 years ago
v2.0
🇺🇸
United States
dangur
over 1 year ago
📌
Clean up toggle functionality
Fixed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
smustgrave
over 1 year ago
🐛
PHP 8.1 Warning: Array to string conversion
Fixed
Code
Created
over 1 year ago
v2.0
🇬🇷
Greece
pappis
over 1 year ago
📌
Address phpstan issues
Fixed
Code
Created
over 1 year ago
v3.0
🇺🇸
United States
smustgrave
over 1 year ago
📌
Merge Check::evaluate() and Check::evaluatePlain()
Fixed
Code
Created
over 9 years ago
v3.0
🇺🇸
United States
dsnopek
over 1 year ago
🐛
Executable PHP in files directory - false negative
Closed: outdated
Code
Created
about 11 years ago
v1.3
🇨🇦
Canada
almc
over 1 year ago
📌
Add gitlab file and addressing findings
Fixed
Code
Created
over 1 year ago
v2.0
🇺🇸
United States
smustgrave
over 1 year ago
🐛
SQL syntax error in Field check when run on PostgreSQL
Fixed
Code
Created
almost 2 years ago
v2.0
🇺🇸
United States
muriqui
over 1 year ago
✨
Remove the TD and TABLE tags as particularly dangerous - needs discussion
Fixed
Code
Created
almost 2 years ago
v2.0
🇨🇦
Canada
sagesolutions
over 1 year ago
📌
Port Security Review to Drupal 8
Fixed
Code
Created
over 10 years ago
v1.0
🇸🇮
Slovenia
RaulMuroc
over 1 year ago
🌱
[Meta] 2.0.2 Release
Closed: outdated
Code
Created
over 2 years ago
v2.0
🇺🇸
United States
smustgrave
over 1 year ago
💬
Is this module supposed to be used in a production environment?
Fixed
Documentation
Created
almost 2 years ago
v2.0
🇳🇱
Netherlands
undersound3
almost 2 years ago
💬
Clean install does not comply with security review
Closed: works as designed
Miscellaneous
Created
almost 2 years ago
v1.0
🇳🇱
Netherlands
edvanleeuwen
almost 2 years ago
🐛
PHP warning: in_array() expects parameter 2 to be array
Fixed
Code
Created
over 6 years ago
v1.0
🇬🇧
United Kingdom
malcomio
almost 2 years ago
🐛
"VendorDirectory" help text issues
Fixed
User interface
Created
almost 2 years ago
v2.0
🇯🇵
Japan
tyler36
almost 2 years ago
🐛
"Base table or view not found" when running report with CiviCRM on Drupal 9.
Closed: duplicate
Code
Created
almost 2 years ago
v2.0
🇬🇧
United Kingdom
finn lewis
almost 2 years ago
🐛
TypeError: Drupal\security_review\CheckResult::__construct(): Argument #6 ($hushedFindings) must be of type array, null given
Closed: outdated
Code
Created
over 2 years ago
v2.0
🇺🇦
Ukraine
Taran2L
almost 2 years ago
🐛
Table is empty, broken query
Closed: duplicate
Code
Created
almost 2 years ago
v2.0
🇺🇸
United States
hungdo
almost 2 years ago
🐛
Unsafe file upload extensions Details page throws an exception
Closed: duplicate
Code
Created
about 2 years ago
v2.0
🇪🇸
Spain
juanolalla
almost 2 years ago
✨
Check for spam content in hidden parts of comments
Closed: outdated
Code
Created
almost 12 years ago
v2.0
🇺🇸
United States
coltrane
almost 2 years ago
📌
t() calls should be avoided in classes, use \Drupal\Core\StringTranslation\StringTranslationTrait and $this->t() instead
Closed: won't fix
Code
Created
about 2 years ago
v2.0
🇮🇳
India
arti_parmar
almost 2 years ago
📌
PHPCS Fix
Fixed
Code
Created
over 2 years ago
v2.0
🇺🇸
United States
smustgrave
over 2 years ago
🐛
Field check out of memory
Fixed
Code
Created
about 4 years ago
v2.0
🇬🇧
United Kingdom
dippers
over 2 years ago
🐛
Error: Class "Symfony\Component\Filesystem\Filesystem" not found
Fixed
Code
Created
over 2 years ago
v2.0
🇬🇧
United Kingdom
natts
over 2 years ago
✨
Ability to "hush" individual warnings
Closed: outdated
Code
Created
about 14 years ago
v2.0
🇺🇸
United States
vegantriathlete
over 2 years ago
🐛
Every role is trusted
Closed: outdated
Code
Created
about 10 years ago
v1.0
🇭🇺
Hungary
banviktor
over 2 years ago
📌
Fix test cases
Fixed
Code
Created
over 2 years ago
v2.0
🇺🇸
United States
smustgrave
over 2 years ago
🐛
Excess space or tab symbols at .htaccess ("files" folder) provide false negative
Fixed
Code
Created
over 10 years ago
v1.2
🇷🇺
Russia
Dimetry
over 2 years ago
🐛
.json file extention recognized as .js
Fixed
Code
Created
over 9 years ago
v1.3
🇧🇾
Belarus
chegor
over 2 years ago
🐛
Base table or view not found (table names incorrect for long table names)
Fixed
Code
Created
over 2 years ago
v2.0
🇬🇧
United Kingdom
robcarr
over 2 years ago
🌱
[meta] 2.0.1 release
Fixed
Code
Created
over 9 years ago
v2.0
🇭🇺
Hungary
banviktor
over 2 years ago
✨
Recommend to drupal 8 to move /vendor/ outside of the webroot
Fixed
Code
Created
over 9 years ago
v2.0
🇺🇸
United States
greggles
over 2 years ago