getgrav/grav vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2023-34253 | High | getgrav/grav: Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability |
| CVE-2023-34252 | High | getgrav/grav: Grav Server-side Template Injection (SSTI) via Twig Default Filters |
| CVE-2023-34251 | Critical | getgrav/grav: Grav Server Side Template Injection (SSTI) vulnerability |
| CVE-2022-2073 | High | getgrav/grav: Code injection in grav |
| CVE-2020-29556 | Medium | getgrav/grav: Grav CMS Local File Injection |
| CVE-2020-29553 | High | getgrav/grav: Grav CMS Cross-Site Request Forgery (CSRF) |
| CVE-2020-29555 | High | getgrav/grav: Grav CMS Arbitrary File Deletion |
| CVE-2018-5233 | Medium | getgrav/grav: Grav CMS Cross-site scripting (XSS) vulnerability |
| CVE-2022-1173 | Medium | getgrav/grav: Stored cross site scripting in getgrav/grav |
| CVE-2022-0970 | High | getgrav/grav: Stored Cross-site Scripting in grav |
| CVE-2022-0743 | Medium | getgrav/grav: Cross site scripting in getgrav/grav |
| CVE-2022-0268 | Medium | getgrav/grav: Cross-site Scripting in grav |
| CVE-2020-11529 | Medium | getgrav/grav: Open Redirect in Grav |
| CVE-2021-3924 | High | getgrav/grav: Path traversal in grav |
| CVE-2021-3904 | Medium | getgrav/grav: Cross-Site Scripting in grav |
| CVE-2021-3818 | Medium | getgrav/grav: Reliance on Cookies without Validation and Integrity Checking in getgrav/grav |
| CVE-2021-29440 | High | getgrav/grav: Grav's Twig processing allowing dangerous PHP functions by default |
| GHSA-CVMR-6428-87W9 | Medium | getgrav/grav: Cross-Site Scripting in Grav |
| CVE-2019-16126 | Medium | getgrav/grav: Cross-site Scripting in Grav |
