getgrav/grav vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2025-66308 | Medium | getgrav/grav: Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site`… |
| CVE-2025-66295 | High | getgrav/grav: Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account… |
| CVE-2025-66305 | High | getgrav/grav: Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter |
| CVE-2025-66306 | Medium | getgrav/grav: Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel |
| CVE-2025-66302 | Medium | getgrav/grav: Grav vulnerable to Path Traversal allowing server files backup |
| CVE-2025-66307 | Medium | getgrav/grav: Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure |
| CVE-2025-66312 | Medium | getgrav/grav: Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint… |
| CVE-2025-66311 | Medium | getgrav/grav: Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples… |
| CVE-2025-66304 | Medium | getgrav/grav: Grav Exposes Password Hashes Leading to privilege escalation |
| CVE-2025-66303 | Medium | getgrav/grav: Grav is vulnerable to a DOS on the admin panel |
| CVE-2025-66301 | High | getgrav/grav: Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to… |
| CVE-2025-66300 | High | getgrav/grav: Grav is vulnerable to Arbitrary File Read |
| CVE-2025-66299 | High | getgrav/grav: Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection) |
| CVE-2025-66296 | High | getgrav/grav: Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows… |
| CVE-2024-35498 | Low | getgrav/grav: Grav Cross-site Scripting vulnerability |
| CVE-2024-34082 | High | getgrav/grav: Grav Vulnerable to Arbitrary File Read to Account Takeover |
| CVE-2024-28119 | High | getgrav/grav: Server Side Template Injection (SSTI) via Twig escape handler |
| CVE-2024-28118 | High | getgrav/grav: Server Side Template Injection (SSTI) |
| CVE-2024-28117 | High | getgrav/grav: Server Side Template Injection (SSTI) |
| CVE-2024-28116 | High | getgrav/grav: Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass |
| CVE-2024-27921 | High | getgrav/grav: Grav File Upload Path Traversal |
| CVE-2024-27923 | High | getgrav/grav: Remote Code Execution by uploading a phar file using frontmatter |
| CVE-2023-31506 | Medium | getgrav/grav: Cross-site scripting (XSS) vulnerability in Grav |
| CVE-2023-37897 | High | getgrav/grav: grav Server-side Template Injection (SSTI) mitigation bypass |
| CVE-2023-34448 | High | getgrav/grav: Grav Server-side Template Injection (SSTI) via Twig Default Filters |
