Synced 17 Jun 2026 22:27 UTC Account
← All products

Drupal

Drupal · CMS
↻ RSS feed
Monitors Drupal and tailors your dashboard to that exact version.
11.3.12 · latest cycle/100 Unknown

Summary iPlain-English security verdict for Drupal, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

Drupal's security status could not be assessed at the last sync — vulnerability data was unavailable.

Disclosure trend iNew CVEs published for Drupal each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19
'20
'21
'22
'23
'24
'25
'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

No urgent unpatched issues identified. ✓

Get alerted about Drupal

Be emailed the moment Drupal gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for Drupal — no marketing, no sharing, and we never know what you run. Track your whole stack →

Monitor up to 200 products — freeHit ☆ Monitor on anything you run, then sign in (no password) to sync your stack across devices and unlock smart insights, risk history & CSV/JSON exports. Sign in free →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each Drupal release line is supported — and when it sunsets. Select a line for its full report.

Dec16'26 Drupal 11.3EOL 2026-12-16
Dec16'26 Drupal 10.6EOL 2026-12-16
Jun17'26 Drupal 11.2ended 2026-06-17
Jun17'26 Drupal 10.5ended 2026-06-17
Dec10'25 Drupal 10.4ended 2025-12-10
Dec10'25 Drupal 11.1ended 2025-12-10
Jun16'25 Drupal 11.0ended 2025-06-16
Jun16'25 Drupal 10.3ended 2025-06-16
Jan5'25 Drupal 7ended 2025-01-05
Dec17'24 Drupal 10.2ended 2024-12-17
Jun20'24 Drupal 10.1ended 2024-06-20
Dec15'23 Drupal 10.0ended 2023-12-15

Full Drupal end-of-life dates & support timeline →

11.3 latest 11.3.12 Supported until 2026-12-1611.3.12 → 10.6 latest 10.6.11 Supported until 2026-12-1610.6.11 → 11.2 latest 11.2.14 End of life ended 2026-06-1711.2.14 → 10.5 latest 10.5.12 End of life ended 2026-06-1710.5.12 → 10.4 latest 10.4.10 End of life ended 2025-12-1010.4.10 → 11.1 latest 11.1.10 End of life ended 2025-12-1011.1.10 → 11.0 latest 11.0.13 End of life ended 2025-06-1611.0.13 → 10.3 latest 10.3.14 End of life ended 2025-06-1610.3.14 → 10.2 latest 10.2.12 End of life ended 2024-12-1710.2.12 → 10.1 latest 10.1.8 End of life ended 2024-06-2010.1.8 → See all upcoming end-of-life dates →

Frequently asked

Is Drupal safe and patched?

Drupal's security status could not be assessed at the last sync — vulnerability data was unavailable.

What should I do about Drupal now?

Upgrade Drupal to the latest supported release (11.3.12) or later and apply available security updates, then confirm against Drupal's official advisory.

When does Drupal reach end-of-life?

The latest supported Drupal release is 11.3.12. After end-of-life a release no longer receives security patches.

Which versions of Drupal are still receiving security updates?

Supported Drupal release lines (latest 11.3.12): 11.3, 10.6. End-of-life releases no longer receive security patches.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Drupal's official advisory before you patch or upgrade — Drupal official site ↗