Getgrav — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Getgrav. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-34448 | Grav Server-side Template Injection (SSTI) via Twig Default Filters | grav | CWE-20 | 8.8 | High | 2023-06-14 |
| CVE-2023-34253 | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass | grav | CWE-184 | 8.8 | High | 2023-06-14 |
| CVE-2023-34252 | Grav Server-side Template Injection via Insufficient Validation in filterFilter | grav | CWE-184 | 8.8 | High | 2023-06-14 |
| CVE-2023-34251 | Grav Server Side Template Injection vulnerability | grav | CWE-94 | 10.0 | Critical | 2023-06-14 |
| CVE-2022-2073 | Code Injection in getgrav/grav | getgrav/grav | CWE-94 | 8.8 | - | 2022-06-29 |
| CVE-2022-1173 | stored xss in getgrav/grav | getgrav/grav | CWE-79 | 5.4 | - | 2022-04-26 |
| CVE-2022-0970 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav/grav | CWE-79 | 5.4 | - | 2022-03-15 |
| CVE-2022-0743 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav/grav | CWE-79 | 5.4 | - | 2022-02-28 |
| CVE-2022-0268 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav/grav | CWE-79 | 5.4 | - | 2022-01-25 |
| CVE-2021-3920 | Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin | getgrav/grav-plugin-admin | CWE-79 | 5.4 | - | 2021-11-19 |
| CVE-2021-3924 | Path Traversal in getgrav/grav | getgrav/grav | CWE-22 | 6.5 | - | 2021-11-05 |
| CVE-2021-3904 | Cross-site Scripting (XSS) - Stored in getgrav/grav | getgrav/grav | CWE-79 | 5.4 | - | 2021-10-27 |
| CVE-2021-3818 | Reliance on Cookies without Validation and Integrity Checking in getgrav/grav | getgrav/grav | CWE-565 | - | - | 2021-09-27 |
| CVE-2021-3799 | Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin | getgrav/grav-plugin-admin | CWE-1021 | 3.5 | - | 2021-09-27 |
| CVE-2021-29440 | Twig allowing dangerous PHP functions by default | grav | CWE-94 | 8.4 | High | 2021-04-13 |
| CVE-2021-29439 | Plugins can be installed with minimal admin privileges | grav-plugin-admin | CWE-863 | 7.2 | High | 2021-04-13 |
| CVE-2021-21425 | Unauthenticated Arbitrary YAML Write/Update leads to Code Execution | grav-plugin-admin | CWE-284 | 9.3 | Critical | 2021-04-07 |

This page lists every published CVE security advisory associated with Getgrav. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.