Known Vulnerabilities for products from Getgrav
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Getgrav".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42841 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an e... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42612 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav a... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42611 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42610 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update pe... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42609 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-29924 json | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin ... | Not Provided | 2026-03-30 | 2026-04-06 |
| CVE-2023-37897 json | Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The... | 8.8 - HIGH | 2023-07-18 | 2023-07-28 |
| CVE-2023-34452 json | Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected... | 6.1 - MEDIUM | 2023-06-14 | 2023-06-22 |
| CVE-2023-34448 json | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template i... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2023-34253 json | Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous fun... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34252 json | Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` funct... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34251 json | Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Rem... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2022-2073 json | Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | 7.2 - HIGH | 2022-06-29 | 2022-07-08 |
| CVE-2022-1173 json | stored xss in GitHub repository getgrav/grav prior to 1.7.33. | 5.4 - MEDIUM | 2022-04-26 | 2022-05-05 |
| CVE-2022-0970 json | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 5.4 - MEDIUM | 2022-03-15 | 2022-03-22 |
| CVE-2022-0743 json | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 4.6 - MEDIUM | 2022-02-28 | 2022-03-10 |
| CVE-2022-0268 json | Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28. | 5.4 - MEDIUM | 2022-01-25 | 2022-01-28 |
| CVE-2021-29440 json | Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative u... | 7.2 - HIGH | 2021-04-13 | 2022-11-09 |
| CVE-2021-29439 json | The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with th... | 7.2 - HIGH | 2021-04-13 | 2023-11-06 |
| CVE-2021-21425 json | Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.... | 9.8 - CRITICAL | 2021-04-07 | 2022-10-24 |