Skip to content
← All frameworks
41

Drupal

legacy php · cms · since 2001
caution Updated June 2026

Drupal scores 42/100. Consider migrating to: nextjs, django, laravel.

Recommended alternatives: nextjs, django, laravel

Dimension breakdown
Security
35
Performance
65
Ecosystem
40
Ai Readiness
40
Developer Experience
40
Market Trajectory
35
Cost Of Ownership
35
Security

1200 total CVEs on record. 89 critical severity. 8 actively exploited (CISA KEV).

Total Cves 1,200
Critical Cves 89
Exploited Cves 8
Avg Cvss 6.5
Cves Last Year 120
Performance

Average performance. Room for optimization.

Ecosystem

4,200 GitHub stars. 200 contributors. 6 releases in the last year.

Stars 4,200
Contributors 200
Releases Last Year 6
Avg Issue Close Days 60
Ai Readiness

Poor AI-readiness. Built for human-browser consumption. Bloated HTML output, plugin-injected content, weak or bolted-on API support.

Structured Output 40
Api First 0.0
Headless Capable 0.0
Developer Experience

Below-average developer experience. Legacy patterns, complex configuration.

Market Trajectory
Score 35
Market Share Pct 1.5
Cost Of Ownership

High cost. Significant hosting, maintenance, and security patching burden.

Actively exploited vulnerabilities
Updated 2026-07-13
5 entries

5 confirmed vulnerabilities being actively exploited in real attacks right now. Source: CISA Known Exploited Vulnerabilities.

84% probability of exploitation within 30 days EPSS score · FIRST.org

Latest entry: 2026-05-22
Drupal scores 42/100 overall. Strongest dimension: performance (65). Weakest: security (35).