Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/216962?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/216962?format=api", "purl": "pkg:composer/getgrav/grav@1.0.0-rc.1", "type": "composer", "namespace": "getgrav", "name": "grav", "version": "1.0.0-rc.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.7.34", "latest_non_vulnerable_version": "2.0.0-rc.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110565?format=api", "vulnerability_id": "VCID-42b5-mk65-nyd2", "summary": "Code injection in grav\nGrav is vulnerable to Server Side Template Injection via Twig. According to a previous vulnerability report, Twig should not render dangerous functions by default, such as system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43836", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43906", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2073" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83" }, { "reference_url": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2073", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2073" }, { "reference_url": "https://github.com/advisories/GHSA-cxgw-r5jg-7xwq", "reference_id": "GHSA-cxgw-r5jg-7xwq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cxgw-r5jg-7xwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/149270?format=api", "purl": "pkg:composer/getgrav/grav@1.7.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.34" } ], "aliases": [ "CVE-2022-2073", "GHSA-cxgw-r5jg-7xwq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42b5-mk65-nyd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42207?format=api", "vulnerability_id": "VCID-51ah-g5xe-4qeg", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0268", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5029", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0268" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/6f2fa9311afb9ecd34030dec2aff7b39e9e7e735", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/6f2fa9311afb9ecd34030dec2aff7b39e9e7e735" }, { "reference_url": "https://huntr.dev/bounties/67085545-331e-4469-90f3-a1a46a078d39", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/67085545-331e-4469-90f3-a1a46a078d39" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0268", "reference_id": "CVE-2022-0268", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0268" }, { "reference_url": "https://github.com/advisories/GHSA-735v-wx75-xmmm", "reference_id": "GHSA-735v-wx75-xmmm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-735v-wx75-xmmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60307?format=api", "purl": "pkg:composer/getgrav/grav@1.7.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.28" } ], "aliases": [ "CVE-2022-0268", "GHSA-735v-wx75-xmmm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51ah-g5xe-4qeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54353?format=api", "vulnerability_id": "VCID-612f-2hre-27bm", "summary": "Improper Control of Generation of Code ('Code Injection')\nGrav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11163", "scoring_system": "epss", "scoring_elements": "0.93638", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.11163", "scoring_system": "epss", "scoring_elements": "0.93628", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29440" }, { "reference_url": "https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities" }, { "reference_url": "https://packagist.org/packages/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/getgrav/grav" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py", "reference_id": "CVE-2021-29440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29440", "reference_id": "CVE-2021-29440", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29440" }, { "reference_url": "https://github.com/advisories/GHSA-g8r4-p96j-xfxc", "reference_id": "GHSA-g8r4-p96j-xfxc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g8r4-p96j-xfxc" }, { "reference_url": "https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc", "reference_id": "GHSA-g8r4-p96j-xfxc", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80323?format=api", "purl": "pkg:composer/getgrav/grav@1.7.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/301977?format=api", "purl": "pkg:composer/getgrav/grav@1.7.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.12" } ], "aliases": [ "CVE-2021-29440", "GHSA-g8r4-p96j-xfxc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-612f-2hre-27bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53870?format=api", "vulnerability_id": "VCID-7qs1-13w7-fkgm", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in getgrav/grav.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-cvmr-6428-87w9", "reference_id": "GHSA-cvmr-6428-87w9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cvmr-6428-87w9" }, { "reference_url": "https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9", "reference_id": "GHSA-cvmr-6428-87w9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" } ], "aliases": [ "GHSA-cvmr-6428-87w9", "GMS-2020-581" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qs1-13w7-fkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54184?format=api", "vulnerability_id": "VCID-d8z9-wwfs-8bd7", "summary": "Cross-Site Request Forgery (CSRF)\nThe Scheduler in Grav CMS allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35709", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35607", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29553" }, { "reference_url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29553", "reference_id": "CVE-2020-29553", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29553" }, { "reference_url": "https://github.com/advisories/GHSA-fqff-vcvx-68h3", "reference_id": "GHSA-fqff-vcvx-68h3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fqff-vcvx-68h3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/240808?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/79985?format=api", "purl": "pkg:composer/getgrav/grav@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.1" } ], "aliases": [ "CVE-2020-29553", "GHSA-fqff-vcvx-68h3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8z9-wwfs-8bd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42553?format=api", "vulnerability_id": "VCID-jswn-z6r2-f3dj", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5175", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51809", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0743" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/3dd0cabeac9835fe64dcb4b68c658b39f1f6be2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/3dd0cabeac9835fe64dcb4b68c658b39f1f6be2f" }, { "reference_url": "https://huntr.dev/bounties/32ea4ddb-5b41-4bf9-b5a1-ef455fe2d293", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/32ea4ddb-5b41-4bf9-b5a1-ef455fe2d293" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0743", "reference_id": "CVE-2022-0743", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0743" }, { "reference_url": "https://github.com/advisories/GHSA-2p89-ppc2-mrq4", "reference_id": "GHSA-2p89-ppc2-mrq4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p89-ppc2-mrq4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60844?format=api", "purl": "pkg:composer/getgrav/grav@1.7.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.31" } ], "aliases": [ "CVE-2022-0743", "GHSA-2p89-ppc2-mrq4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jswn-z6r2-f3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39505?format=api", "vulnerability_id": "VCID-mk59-cvwe-mfb5", "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in `system/src/Grav/Common/Twig/Twig.php` in Grav CMS allows remote attackers to inject arbitrary web script or HTML via the `PATH_INFO` to `admin/tools.`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18828", "scoring_system": "epss", "scoring_elements": "0.9543", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.18828", "scoring_system": "epss", "scoring_elements": "0.95422", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5233" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2018/03/15/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2018/03/15/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5233", "reference_id": "CVE-2018-5233", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55219?format=api", "purl": "pkg:composer/getgrav/grav@1.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-7qs1-13w7-fkgm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-ta5r-m2e1-6qgr" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-w2rm-j4gr-mffe" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.3.0" } ], "aliases": [ "CVE-2018-5233", "GHSA-977g-93f5-rqjx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mk59-cvwe-mfb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41515?format=api", "vulnerability_id": "VCID-q57k-9vrf-akef", "summary": "grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.53042", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52981", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3818" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07" }, { "reference_url": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea" }, { "reference_url": "https://github.com/advisories/GHSA-cg3q-59w7-rvc2", "reference_id": "GHSA-cg3q-59w7-rvc2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cg3q-59w7-rvc2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59163?format=api", "purl": "pkg:composer/getgrav/grav@1.7.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.21" } ], "aliases": [ "CVE-2021-3818", "GHSA-cg3q-59w7-rvc2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q57k-9vrf-akef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41691?format=api", "vulnerability_id": "VCID-r6yg-4kxp-tfay", "summary": "grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00975", "scoring_system": "epss", "scoring_elements": "0.77025", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00975", "scoring_system": "epss", "scoring_elements": "0.77057", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3924" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/8f9c417c04b89dc8d2de60b95e7696821b2826ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/8f9c417c04b89dc8d2de60b95e7696821b2826ce" }, { "reference_url": "https://huntr.dev/bounties/7ca13522-d0c9-4eff-a7dd-6fd1a7f205a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/7ca13522-d0c9-4eff-a7dd-6fd1a7f205a2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3924", "reference_id": "CVE-2021-3924", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3924" }, { "reference_url": "https://github.com/advisories/GHSA-8c5p-4362-9333", "reference_id": "GHSA-8c5p-4362-9333", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8c5p-4362-9333" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3924", "GHSA-8c5p-4362-9333" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6yg-4kxp-tfay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42000?format=api", "vulnerability_id": "VCID-ta5r-m2e1-6qgr", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nCommon/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70296", "scoring_system": "epss", "scoring_elements": "0.98702", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.70296", "scoring_system": "epss", "scoring_elements": "0.98701", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11529" }, { "reference_url": "https://getgrav.org/#changelog", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://getgrav.org/#changelog" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/2eae104c7a4bf32bc26cb8073d5c40464bfda3f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/2eae104c7a4bf32bc26cb8073d5c40464bfda3f7" }, { "reference_url": "https://github.com/getgrav/grav/issues/3134", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/issues/3134" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11529", "reference_id": "CVE-2020-11529", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11529" }, { "reference_url": "https://github.com/advisories/GHSA-wrxc-mr2w-cjpv", "reference_id": "GHSA-wrxc-mr2w-cjpv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrxc-mr2w-cjpv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60065?format=api", "purl": "pkg:composer/getgrav/grav@1.6.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-7qs1-13w7-fkgm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.23" } ], "aliases": [ "CVE-2020-11529", "GHSA-wrxc-mr2w-cjpv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ta5r-m2e1-6qgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54190?format=api", "vulnerability_id": "VCID-tjh6-wb2e-e7fb", "summary": "Path Traversal\nThe Backup functionality in Grav CMS allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28134", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28064", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29556" }, { "reference_url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29556", "reference_id": "CVE-2020-29556", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29556" }, { "reference_url": "https://github.com/advisories/GHSA-r3rg-jrjq-w4mr", "reference_id": "GHSA-r3rg-jrjq-w4mr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r3rg-jrjq-w4mr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/79981?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0" } ], "aliases": [ "CVE-2020-29556", "GHSA-r3rg-jrjq-w4mr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tjh6-wb2e-e7fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54182?format=api", "vulnerability_id": "VCID-uky6-39ye-uqh1", "summary": "Path Traversal\nThe BackupDelete functionality in Grav CMS allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04155", "scoring_system": "epss", "scoring_elements": "0.88864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04155", "scoring_system": "epss", "scoring_elements": "0.88882", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29555" }, { "reference_url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29555", "reference_id": "CVE-2020-29555", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29555" }, { "reference_url": "https://github.com/advisories/GHSA-gpmf-q5jh-hjx4", "reference_id": "GHSA-gpmf-q5jh-hjx4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gpmf-q5jh-hjx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/79981?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0" } ], "aliases": [ "CVE-2020-29555", "GHSA-gpmf-q5jh-hjx4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uky6-39ye-uqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42699?format=api", "vulnerability_id": "VCID-unfe-xt2t-fkb5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0970", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.59959", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60006", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-0970" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/f19297d5f70476e7bedae9f2acef6b43615538b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/f19297d5f70476e7bedae9f2acef6b43615538b8" }, { "reference_url": "https://huntr.dev/bounties/dd436c44-cbf4-48ac-8817-3a24872534ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/dd436c44-cbf4-48ac-8817-3a24872534ec" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0970", "reference_id": "CVE-2022-0970", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0970" }, { "reference_url": "https://github.com/advisories/GHSA-r6hh-5g3q-wwgc", "reference_id": "GHSA-r6hh-5g3q-wwgc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6hh-5g3q-wwgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60844?format=api", "purl": "pkg:composer/getgrav/grav@1.7.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.31" } ], "aliases": [ "CVE-2022-0970", "GHSA-r6hh-5g3q-wwgc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-unfe-xt2t-fkb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41650?format=api", "vulnerability_id": "VCID-w173-rwhh-2fg3", "summary": "grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49719", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49783", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3904" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/afc69a3229bb6fe120b2c1ea27bc6f196ed7284d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/afc69a3229bb6fe120b2c1ea27bc6f196ed7284d" }, { "reference_url": "https://huntr.dev/bounties/b1182515-d911-4da9-b4f7-b4c341a62a8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/b1182515-d911-4da9-b4f7-b4c341a62a8d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3904", "reference_id": "CVE-2021-3904", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3904" }, { "reference_url": "https://github.com/advisories/GHSA-5jxc-hmqf-3f73", "reference_id": "GHSA-5jxc-hmqf-3f73", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5jxc-hmqf-3f73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59436?format=api", "purl": "pkg:composer/getgrav/grav@1.7.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.24" } ], "aliases": [ "CVE-2021-3904", "GHSA-5jxc-hmqf-3f73" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w173-rwhh-2fg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51789?format=api", "vulnerability_id": "VCID-w2rm-j4gr-mffe", "summary": "Cross-site Scripting\nGrav allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70229", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70271", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16126" }, { "reference_url": "https://github.com/getgrav/grav/issues/2657", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/issues/2657" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16126", "reference_id": "CVE-2019-16126", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16126" }, { "reference_url": "https://github.com/advisories/GHSA-6268-v434-45m5", "reference_id": "GHSA-6268-v434-45m5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6268-v434-45m5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75929?format=api", "purl": "pkg:composer/getgrav/grav@1.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-7qs1-13w7-fkgm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-ta5r-m2e1-6qgr" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/240808?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/144280?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" }, { "vulnerability": "VCID-51ah-g5xe-4qeg" }, { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-jswn-z6r2-f3dj" }, { "vulnerability": "VCID-q57k-9vrf-akef" }, { "vulnerability": "VCID-r6yg-4kxp-tfay" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" }, { "vulnerability": "VCID-unfe-xt2t-fkb5" }, { "vulnerability": "VCID-w173-rwhh-2fg3" }, { "vulnerability": "VCID-wcwt-6fap-1ugc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.8" } ], "aliases": [ "CVE-2019-16126", "GHSA-6268-v434-45m5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2rm-j4gr-mffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43019?format=api", "vulnerability_id": "VCID-wcwt-6fap-1ugc", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nstored xss in GitHub repository getgrav/grav prior to 1.7.33.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57903", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57956", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1173" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://github.com/getgrav/grav/commit/1c0ed43afa5dc14169e6aa693b38e1a2f7aecad9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/commit/1c0ed43afa5dc14169e6aa693b38e1a2f7aecad9" }, { "reference_url": "https://huntr.dev/bounties/b6016e95-9f48-4945-89cb-199b6e072218", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/b6016e95-9f48-4945-89cb-199b6e072218" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1173", "reference_id": "CVE-2022-1173", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1173" }, { "reference_url": "https://github.com/advisories/GHSA-3p5m-j98p-c698", "reference_id": "GHSA-3p5m-j98p-c698", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3p5m-j98p-c698" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61559?format=api", "purl": "pkg:composer/getgrav/grav@1.7.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-42b5-mk65-nyd2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.33" } ], "aliases": [ "CVE-2022-1173", "GHSA-3p5m-j98p-c698" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wcwt-6fap-1ugc" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.0.0-rc.1" }