Drush - 2 CVEs (Page 1/1)

About “Drush”

A curated feed of “Drush”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 2.1 (all time), and 0% are rated High/Critical (all time). Top CWEs (all time): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: drush

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

Cycle	Release	Latest	EOL
13	2024-08-02	13.7.3	-
12	2023-06-03	12.5.3	-
11	2022-01-11	11.6.0	2023-11-30 Expired
10	2019-10-31	10.6.2	2022-01-31 Expired
9	2018-01-24	9.7.3	2020-05-31 Expired
8	2015-11-19	8.5.0	2025-01-31 Expired
7	2015-05-20	7.4.2	2017-07-31 Expired
6	2013-08-16	6.7.0	2015-12-31 Expired
5	2012-03-23	5.11.0	2015-05-31 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired) · ICS

Subscribe CVEs: RSS for “Drush”

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0

2013-03-27

Low

CVE-2013-0260

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.

CVSS: 2.1 CWE: N/A View on NVD

2012-06-27

Low

CVE-2012-2708

Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows…

CVSS: 2.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD