Known Vulnerabilities for Grav by Getgrav
Listed below are 10 of the newest known vulnerabilities associated with "Grav" by "Getgrav".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-29924 json | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin ... | Not Provided | 2026-03-30 | 2026-03-30 |
| CVE-2023-37897 json | Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The... | 8.8 - HIGH | 2023-07-18 | 2023-07-28 |
| CVE-2023-34452 json | Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected... | 6.1 - MEDIUM | 2023-06-14 | 2023-06-22 |
| CVE-2023-34448 json | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template i... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2023-34253 json | Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous fun... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34252 json | Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` funct... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34251 json | Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Rem... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2022-2073 json | Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | 7.2 - HIGH | 2022-06-29 | 2022-07-08 |
| CVE-2022-1173 json | stored xss in GitHub repository getgrav/grav prior to 1.7.33. | 5.4 - MEDIUM | 2022-04-26 | 2022-05-05 |
| CVE-2022-0970 json | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 5.4 - MEDIUM | 2022-03-15 | 2022-03-22 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.7.0 | |||
| Application | Getgrav | Grav | 1.6.9 | |||
| Application | Getgrav | Grav | 1.6.8 |