Known Vulnerabilities for products from Getgrav
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Getgrav".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-44738 json | Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages rol... | Not Provided | 2026-05-11 | 2026-05-14 |
| CVE-2026-42844 json | Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abu... | Not Provided | 2026-05-12 | 2026-05-19 |
| CVE-2026-42843 json | Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration... | Not Provided | 2026-05-11 | 2026-05-27 |
| CVE-2026-42841 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an e... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42612 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav a... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42611 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42610 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update pe... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-42609 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low... | Not Provided | 2026-05-11 | 2026-05-14 |
| CVE-2026-42608 json | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core c... | Not Provided | 2026-05-11 | 2026-05-13 |
| CVE-2026-29924 json | Grav CMS v1.7.x and before is vulnerable to XML External Entity (XXE) through the SVG file upload functionality in the admin ... | Not Provided | 2026-03-30 | 2026-04-06 |
| CVE-2023-37897 json | Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The... | 8.8 - HIGH | 2023-07-18 | 2023-07-28 |
| CVE-2023-34452 json | Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected... | 6.1 - MEDIUM | 2023-06-14 | 2023-06-22 |
| CVE-2023-34448 json | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template i... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2023-34253 json | Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous fun... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34252 json | Grav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` funct... | 7.2 - HIGH | 2023-06-14 | 2023-11-07 |
| CVE-2023-34251 json | Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Rem... | 7.2 - HIGH | 2023-06-14 | 2023-06-22 |
| CVE-2022-2073 json | Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | 7.2 - HIGH | 2022-06-29 | 2022-07-08 |
| CVE-2022-1173 json | stored xss in GitHub repository getgrav/grav prior to 1.7.33. | 5.4 - MEDIUM | 2022-04-26 | 2022-05-05 |
| CVE-2022-0970 json | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 5.4 - MEDIUM | 2022-03-15 | 2022-03-22 |
| CVE-2022-0743 json | Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31. | 4.6 - MEDIUM | 2022-02-28 | 2022-03-10 |