Blog
FAQ
Discussions
Search
Projects, issues, users, and merge requests.
Project ID, name, and description.
User nickname, name, and org.
Issue ID, title, and summary.
Merge request titles.
Contrib
.social
Feed
Live feed
Builds
Live builds
Core
Tags
Tags and Initiatives
securitydrupalorg
Open on Drupal.org →
Open on Drupal GitLab →
Created on 24 May 2010,
about 15 years ago
Maintained by
🇺🇸
United States
drumm
Drupal Security Team
🇺🇸
United States
greggles
🇺🇸
United States
mlhess
🇺🇸
United States
pwolanin
🇨🇦
Canada
scor
🇺🇸
United States
xjm
Clone
Clone with SSH
Clone with HTTPS
Clone with
doGit
🇺🇸
United States
85%
🇬🇧
United Kingdom
8%
🇧🇪
Belgium
2%
🇮🇹
Italy
1%
🏴☠️
🇪🇸 🇦🇺 🇭🇺 🇸🇰 🏴☠️ 🇳🇱
3%
Top 10 contributors
DM13 Security LLC
15%
🇺🇸
@cmlara
Lullabot
12%
🇺🇸
@yesct
Acquia
5%
🇬🇧
@mcdruid
Tag1 Consulting
4%
🇺🇸
@benjifisher
🇬🇧
@catch
DUG BE vzw (Drupal User Group Belgium)
2%
🇧🇪
@BramDriesen
Drupal Association
2%
🇺🇸
@drumm
🇪🇸
@fjgarlin
Performant Labs
2%
🇺🇸
@aangel
SciShield
2%
🇺🇸
@benjifisher
🇺🇸
@pwolanin
nLightened Development LLC
1%
🇺🇸
@nicxvan
PreviousNext
1%
🇦🇺
@larowlan
+10
and 10 other organisations
Pronovix
🇭🇺
@mxr576
ActivIT s.r.o.
🇸🇰
@poker10
Deloitte Digital
🇮🇹
@bigbabert
Kosada
🇺🇸
@mradcliffe
Open Social
🇳🇱
@ronaldtebrake
Mobomo
🇺🇸
@smustgrave
HeroDevs
🇺🇸
@aangel
Tobania
🇧🇪
@BramDriesen
Third and Grove
🇬🇧
@catch
DrupalCamp NJ
🇺🇸
@pwolanin
and 5 individuals
( 52% )
@cilefen
🇺🇸
@damienmckenna
🇺🇸
@greggles
🇮🇹
@apaderno
🇺🇸
@mlhess
Follow
Sign in to follow projects
Merge Requests
More
!15
Issue #3537684: Create CVEs for July 23 to August 13, 2025
Merged
🇺🇸
United States
greggles
updated
9 days ago
!14
Create CVEs for July 9, 2025
Merged
Show issue
🇺🇸
United States
greggles
updated
about 1 month ago
!13
Create CVEs for July 2, 2025
Merged
Show issue
🇺🇸
United States
greggles
updated
about 2 months ago
!12
Create CVEs for June 25, 2025
Merged
Show issue
🇺🇸
United States
greggles
updated
about 2 months ago
!11
Allow filtering the All Issues view by version
Open
Show issue
🇺🇸
United States
damienmckenna
updated
about 2 months ago
!10
Create CVEs for May 21, 2025
Merged
Show issue
🇺🇸
United States
yesct
updated
2 months ago
More Merge Requests
Issues
💬
Publication of CVE-2024-45440 by MITRE
Active
Security Working Group (policy questions)
Created
12 months ago
v1.0
🇺🇸
United States
cmlara
about 10 hours ago
📌
Switch to CVSS scoring
Active
Code
Created
over 1 year ago
v1.0
cilefen
3 days ago
📌
Create CVEs for July 23, 2025
Active
Code
Created
about 1 month ago
v1.0
🇺🇸
United States
greggles
9 days ago
📌
Documenting Security/CVE process
Active
Documentation
Created
11 days ago
v1.0
🇺🇸
United States
aangel
11 days ago
💬
CVE Request for Webform Multiple File
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
aangel
11 days ago
🐛
Avoid using > operator in affected version ranges for advisories
Active
Code
Created
18 days ago
v1.0
G-Rath
18 days ago
🐛
Incorrect affected versions on advisories
Active
Miscellaneous
Created
18 days ago
v1.0
G-Rath
18 days ago
📌
Create CVEs for July 9, 2025
Active
Code
Created
about 2 months ago
v1.0
🇺🇸
United States
greggles
20 days ago
📌
Create CVEs for 2016 (especially for highly critical issues)
Active
Code
Created
26 days ago
v1.0
🇺🇸
United States
greggles
26 days ago
📌
Create CVEs for July 2, 2025
Active
Code
Created
about 2 months ago
v1.0
🇺🇸
United States
greggles
about 1 month ago
📌
Create CVEs for June 25, 2025
Active
Code
Created
about 2 months ago
v1.0
🇺🇸
United States
greggles
about 1 month ago
📌
Create CVEs for May 21, 2025
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
yesct
about 2 months ago
📌
Create CVEs for June 11, 2025
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
yesct
about 2 months ago
📌
Create CVEs for May 21, 2025
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
yesct
about 2 months ago
📌
Create CVEs for June 18, 2025
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
yesct
about 2 months ago
🌱
More flexible language for git vetted status for co-maintainers of existing projects
Active
Code
Created
over 2 years ago
v1.0
🇬🇧
United Kingdom
catch
about 2 months ago
✨
Allow filtering the All Issues view by version
Active
User interface
Created
about 2 months ago
v1.0
🇺🇸
United States
damienmckenna
about 2 months ago
📌
Get an Open Source Security Foundation badge for Drupal (core? contrib?)
Needs review
Miscellaneous
Created
over 3 years ago
v1.0
🇺🇸
United States
greggles
2 months ago
📌
Create CVEs for May 14, 2025
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
greggles
2 months ago
📌
Create CVEs for June 4, 2025
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
yesct
3 months ago
✨
Publish Advisory -> CVE script to support better
Active
Code
Created
4 months ago
v1.0
🇺🇸
United States
greggles
3 months ago
📌
Clarify the Drupal Security Team Disclosure Policy
Active
Code
Created
3 months ago
v1.0
🇺🇸
United States
greggles
3 months ago
✨
Policy: Post CVE number / link on private issue
Active
Documentation
Created
3 months ago
v1.0
🇺🇸
United States
damienmckenna
3 months ago
📌
Update links on the with wrong counts
Active
Documentation
Created
over 1 year ago
v1.0
🇧🇪
Belgium
BramDriesen
4 months ago
📌
document how to publish a PSA for use by the autoupdate tool
Fixed
Documentation
Created
almost 6 years ago
v1.0
🇺🇸
United States
greggles
4 months ago
📌
Display members in an unordered list
Fixed
Code
Created
over 3 years ago
v1.0
cilefen
4 months ago
📌
Review Coverity scan for Drupal core one time
Fixed
Code
Created
over 8 years ago
v1.0
🇧🇪
Belgium
mallezie
4 months ago
📌
January 2025 CVEs
Active
Code
Created
8 months ago
v1.0
🇺🇸
United States
greggles
4 months ago
✨
Add blocks that show issue assignment status
Fixed
Code
Created
almost 10 years ago
v1.0
🇳🇱
Netherlands
dokumori
4 months ago
🐛
Link to create and avisory for an issue is partially broken
Fixed
Code
Created
about 8 years ago
v1.0
pere orga
4 months ago
🐛
Unhide some fields so admins don't have so many extra clicks
Fixed
Code
Created
almost 11 years ago
v1.0
🇺🇸
United States
mlhess
4 months ago
✨
Create automated testing for core issues
Fixed
Code
Created
over 11 years ago
v1.0
🇺🇸
United States
mlhess
4 months ago
📌
Add more examples about COi
Needs review
Code
Created
over 7 years ago
v1.0
🇺🇸
United States
greggles
4 months ago
🐛
Drupal SA's missing CVE ID's
Active
Documentation
Created
12 months ago
v1.0
🇺🇸
United States
cmlara
4 months ago
📌
I helped prep for and/or presented at Drupalcon Atlanta
Active
Code
Created
5 months ago
v1.0
🇺🇸
United States
greggles
5 months ago
📌
Unsuported Modules: Establish timeline for publishing of vulnerability info to allow for possible CVE creation
Active
Documentation
Created
8 months ago
v1.0
🇺🇸
United States
cmlara
5 months ago
📌
Consider publishing sa data to Friends of PHP's repo
Postponed
Code
Created
over 8 years ago
v1.0
🇺🇸
United States
joestewart
5 months ago
📌
Create system for issues that "need triage"
Closed: outdated
Code
Created
about 13 years ago
v1.0
🇺🇸
United States
greggles
5 months ago
📌
Show issues that a maintainer hasn't been added to by age
Closed: outdated
Code
Created
about 11 years ago
v1.0
🇺🇸
United States
greggles
5 months ago
✨
Auto-add maintainers to issues if an issue is open and they haven't been added within 2 days
Closed: outdated
Code
Created
over 6 years ago
v1.0
🇺🇸
United States
greggles
5 months ago
📌
Run a static application security test (SAST) as part of core CI
Active
Code
Created
5 months ago
v1.0
🇺🇸
United States
greggles
5 months ago
✨
Display a block that lists assigned issues for security team members
Closed: outdated
Code
Created
over 13 years ago
v1.0
🇳🇱
Netherlands
dokumori
5 months ago
✨
Manage block config using the Context or Features Extra module
Closed: outdated
Code
Created
almost 10 years ago
v1.0
🇳🇱
Netherlands
dokumori
5 months ago
📌
Reduce the effort of a core security release
Closed: outdated
Code
Created
over 2 years ago
v1.0
🇺🇸
United States
greggles
5 months ago
🐛
Remove reference to IRC nicknames and replace with slack username
Closed: outdated
Code
Created
about 3 years ago
v1.0
🇺🇸
United States
mlhess
5 months ago
🐛
List of team members shows an irc nick, and requires it to display properly
Closed: won't fix
Code
Created
almost 6 years ago
v1.0
🇺🇸
United States
greggles
5 months ago
✨
Make it easier to add new users to sdo via a security issue
Closed: duplicate
User interface
Created
over 7 years ago
v1.0
🇺🇸
United States
damienmckenna
5 months ago
✨
Add a view for listing tagged nodes
Closed: outdated
Code
Created
over 9 years ago
v1.0
🇳🇱
Netherlands
dokumori
5 months ago
✨
Change the project title in the status block to a link to the project
Closed: outdated
Code
Created
almost 10 years ago
v1.0
🇺🇸
United States
cashwilliams
5 months ago
📌
Email new nodes to a configurable email address
Closed: outdated
Code
Created
almost 11 years ago
v1.0
🇺🇸
United States
mlhess
5 months ago
📌
Allow team members to pull bakery users
Closed: outdated
Code
Created
almost 13 years ago
v1.0
🇺🇸
United States
mlhess
5 months ago
✨
Let distro maintainers or trusted persons see security issue count in dependent modules
Closed: outdated
Code
Created
almost 12 years ago
v1.0
🇺🇸
United States
coltrane
5 months ago
✨
Invoke hook to create account if account is not on local site.
Closed: outdated
Code
Created
almost 11 years ago
v1.0
🇺🇸
United States
mlhess
5 months ago
📌
Create a survey for the community priori to Drupalcon
Active
Code
Created
5 months ago
v1.0
🇺🇸
United States
greggles
5 months ago
📌
Create CVEs for contributed projects in 2024
Active
Code
Created
9 months ago
v1.0
🇺🇸
United States
greggles
6 months ago
🐛
issues_by_followup_date view should default to Open status
Active
Code
Created
6 months ago
v1.0
🇬🇧
United Kingdom
mcdruid
6 months ago
📌
Update CNA scope
Needs review
Code
Created
10 months ago
v1.0
🇺🇸
United States
greggles
7 months ago
✨
Prohibit the ability to adopt a project
Active
Code
Created
about 1 year ago
v1.0
🇺🇸
United States
cmlara
7 months ago
✨
Require in-person identity confirmation to receive security opt-in role.
Active
Code
Created
about 1 year ago
v1.0
🇺🇸
United States
cmlara
7 months ago
📌
[META|POLICY] Think of a way to make it less easy to become a (co-) maintainer
Active
Security Working Group (policy questions)
Created
7 months ago
v1.0
🇧🇪
Belgium
BramDriesen
7 months ago
💬
greggles dealing with organization credit attribution limitations
Postponed
Miscellaneous
Created
over 1 year ago
v1.0
🇺🇸
United States
greggles
8 months ago
📌
Create CVEs for SA-CORE-2024-003, 004, 005, 006, 007, 008
Active
Code
Created
9 months ago
v1.0
🇺🇸
United States
greggles
8 months ago
🐛
Update 'Security team process' link in Quicklinks to point to d.o
Fixed
Code
Created
about 9 years ago
v1.0
🇺🇸
United States
cashwilliams
8 months ago
🐛
"My security issues" block's "more" link is redirecting to the wrong url
Active
Code
Created
8 months ago
v1.0
🇧🇪
Belgium
BramDriesen
8 months ago
📌
Create CVEs for
Active
Code
Created
10 months ago
v1.0
🇺🇸
United States
greggles
8 months ago
📌
Create a cve for diff
Active
Code
Created
11 months ago
v1.0
🇺🇸
United States
greggles
9 months ago
📌
Develop and publish policy regarding missed SA notices
Active
Security Working Group (policy questions)
Created
over 3 years ago
v1.0
🇺🇸
United States
cmlara
9 months ago
📌
Improve Security Risk Levels Defined docs page
Active
Documentation
Created
about 2 years ago
v1.0
🇺🇸
United States
damienmckenna
9 months ago
✨
Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG Key
Closed: won't fix
Code
Created
almost 11 years ago
v1.0
🇺🇸
United States
rickmanelius
9 months ago
📌
Collect CVE related details as part of Security Issue
Active
Code
Created
11 months ago
v1.0
🇺🇸
United States
cmlara
9 months ago
📌
Automate publishing of CVE's
Active
Code
Created
11 months ago
v1.0
🇺🇸
United States
cmlara
10 months ago
✨
Update policy to explicitly state security issues will be handled privately
Active
Security Working Group (policy questions)
Created
almost 3 years ago
v1.0
🇺🇸
United States
damienmckenna
12 months ago
📌
Expand the ability of module maintainers to mark a particular release as security.
Active
Code
Created
about 1 year ago
v1.0
🇺🇸
United States
nicxvan
about 1 year ago
🌱
[META] Increase Security of Project Ownership Transfer Process
Active
Code
Created
about 1 year ago
v1.0
🇺🇸
United States
cmlara
about 1 year ago
📌
Remove riskcalc, replaced with www.drupal.org
Fixed
Code
Created
over 1 year ago
v1.0
🇺🇸
United States
drumm
over 1 year ago
📌
Document the process for updating an "unsupported" SA due to new adoption
Active
Documentation
Created
about 2 years ago
v1.0
🇺🇸
United States
damienmckenna
over 1 year ago
📌
Review and fix up message templates
Fixed
Documentation
Created
over 1 year ago
v1.0
🇺🇸
United States
greggles
over 1 year ago
🐛
Link to create SA in the sidebar info section doesn't work
Fixed
Code
Created
over 1 year ago
v1.0
🇧🇪
Belgium
kristiaanvandeneynde
over 1 year ago
✨
Change SA opt-in to differentiate between "not opted in (yet)" vs "opted out"
Active
User interface
Created
almost 2 years ago
v1.0
🇺🇸
United States
damienmckenna
almost 2 years ago
📌
Update security issue version field for semantic versioning & Drupal 9
Active
User interface
Created
almost 5 years ago
v1.0
🇺🇸
United States
drumm
almost 2 years ago
📌
Create new documentation guide & pages that clearly documents what issues are not considered security issues
Active
Miscellaneous
Created
over 3 years ago
v1.0
🇺🇸
United States
damienmckenna
about 2 years ago
✨
Adjust order for editing SA fields to match s.d.o and the display on d.o
Fixed
sahtml
Created
over 6 years ago
v1.0
🇺🇸
United States
greggles
about 2 years ago
contrib
.social
Blog
FAQ
Discussions
Production build 0.71.5
2024