Known Vulnerabilities for products from Getgrav
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Getgrav".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-61456 json | Not Provided | 2026-07-10 | 2026-07-10 | |
| CVE-2026-61454 json | Not Provided | 2026-07-11 | 2026-07-11 | |
| CVE-2026-59193 json | Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploa... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-58654 json | Not Provided | 2026-07-08 | 2026-07-08 | |
| CVE-2026-44738 json | Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages rol... | Not Provided | 2026-05-11 | 2026-05-14 |
| CVE-2026-42844 json | Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abu... | Not Provided | 2026-05-12 | 2026-05-19 |
| CVE-2026-42843 json | Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration... | Not Provided | 2026-05-11 | 2026-05-27 |
| CVE-2026-42841 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an e... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42612 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav a... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42611 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42610 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update pe... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42609 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low... | Not Provided | 2026-05-11 | 2026-05-14 |
| CVE-2026-42608 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core c... | Not Provided | 2026-05-11 | 2026-05-13 |
| CVE-2026-29924 json | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin ... | Not Provided | 2026-03-30 | 2026-04-06 |
| CVE-2023-37897 json | Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The... | 8.8 - HIGH | 2023-07-18 | 2023-07-28 |
| CVE-2023-34452 json | Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected... | 6.1 - MEDIUM | 2023-06-14 | 2023-06-22 |
| CVE-2023-34448 json | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template i... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2023-34253 json | Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous fun... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34252 json | Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` funct... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34251 json | Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Rem... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |