Reporting security issues to the Drupal project
I started reporting security issues to the Drupal project lately, most of them affecting contributed modules.
This one for instance is a CSRF that was present in the Configuration Update Manager module for Drupal 8.
This one was highly critical, allowing SQL injection to anonymous users, CSRF and XSS.
Update: It has been analysed by Drew Webber (mcdruid) - Acquia Principal Security Analyst - during his "Reverse Engineering Drupal Vulnerabilities" presentation.
Another highly critical one allowed again SQL injection and XSS.