Coder is another popular module and allows Drupal administrators to check their code against various coding standards and best practices.

Drupal patched a series of highly critical remote code execution bugs in three separate modules today that could let an attacker take over any site running the modules.

As long as Drupal site builders are sticking to general best practices—using well-trodden contributed modules, not "hacking core" (making modifications to Drupal core/contributed files), and ...

A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on the behalf of some users.

Security issues for CMSs like Drupal and Joomla fall into several main categories: “Core code” — the modules you get when you download/install Drupal or Joomla, as developed by the team.