Drupal is considered to be a highly secure content management system (CMS). The Drupal security team has a well-established process for identifying and addressing security vulnerabilities, and regularly releases security updates to address them.
However, as with any software, there is no such thing as 100% security, and vulnerabilities can still be discovered from time to time. Therefore, it's important to keep Drupal up to date with the latest security patches and follow best practices for securing your Drupal site.
Some of the best practices for securing a Drupal site include using strong passwords, limiting access to sensitive files, enabling secure connections (HTTPS), and installing security modules such as the Drupal security kit (DSK) and login security. Additionally, it's important to keep your server and other software up to date with the latest security patches.
Overall, if you follow best practices and keep your Drupal site up to date, it can be a very secure CMS.