getgrav/grav
Packagist69 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting getgrav/gravpage 2 of 2
- CVE-2025-66843MEDIUMCVSS 5.4EG 5.42025-12-15
vulnerable: 0.8.0 ... 1.7.9 (285 versions)
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editing functionality. An authenticated low-privileged user with permission to edit content can inject malicious JavaScript payloads into editab…
- CVE-2025-66844CRITICALCVSS 9.1EG 9.12025-12-15
vulnerable: 0.8.0 ... 1.7.9 (285 versions)
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered
- CVE-2026-42607CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the "Direct Install" tool. While the s…
- CVE-2026-42608CRITICALCVSS 9.1EG 9.1✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POST requests), an unauthenticated attacker…
- CVE-2026-42609HIGHCVSS 8.1EG 8.1✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary admin…
- CVE-2026-42610MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update permissions) can bypass the existing Twig sandbox restrictions by utilizing the grav['accounts'] service. Attacker c…
- CVE-2026-42611HIGHCVSS 8.9EG 8.9✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information ava…
- CVE-2026-42612HIGHCVSS 8.5EG 8.5✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the de…
- CVE-2026-42613CRITICALCVSS 9.4EG 9.4✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registrati…
- CVE-2026-42841MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax.…
- CVE-2026-42842MEDIUMCVSS 5.4EG 5.4✓ Fixed in 2.0.0-beta.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered …
- CVE-2026-42844HIGHCVSS 8.8EG 8.8✓ Fixed in 2.0.0-beta.42026-05-12
vulnerable: 0.8.0 ... 2.0.0-beta.3 (319 versions)
Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created …
- CVE-2026-44737MEDIUMCVSS 6.2EG 6.2✓ Fixed in 1.7.49.52026-05-11
vulnerable: 0.8.0 ... 1.7.9 (284 versions)
grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user …
- CVE-2026-44738HIGHCVSS 7.7EG 7.7✓ Fixed in 2.0.0-rc.22026-05-11
vulnerable: 0.8.0 ... 2.0.0-rc.1 (321 versions)
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration — including all…
- CVE-2026-55885MEDIUMCVSS 6.8EG 6.8✓ Fixed in 1.7.532026-06-18
vulnerable: 0.8.0 ... 1.7.9 (287 versions)
Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator pas…
- CVE-2026-55890MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.0.0-rc.92026-06-18
vulnerable: 0.8.0 ... 2.0.0-rc.8 (329 versions)
Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling MediaObjectTrait::style method reachable through the same Markdown…
- CVE-2026-56700CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.0.0-beta.22026-07-01
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav CMS before 2.0.0-beta.2 contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls - in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session - deserialize untrusted data without restricting allowe…
- CVE-2026-56701MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.0.0-beta.22026-06-23
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexml_load_string without disabling extern…
- CVE-2026-7317MEDIUMCVSS 5.0EG 5.0✓ Fixed in 2.0.0-beta.22026-04-28
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The …
Check whether getgrav/grav is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for getgrav/grav CVEs against the assets you own.
Start Free Scan →