Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/getgrav/grav@1.2.2
Typecomposer
Namespacegetgrav
Namegrav
Version1.2.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.7.12
Latest_non_vulnerable_version2.0.0-rc.2
Affected_by_vulnerabilities
0
url VCID-612f-2hre-27bm
vulnerability_id VCID-612f-2hre-27bm
summary 
Improper Control of Generation of Code ('Code Injection')
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.
references
0
reference_url http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29440
reference_id
reference_type
scores
0
value 0.11163
scoring_system epss
scoring_elements 0.93628
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29440
2
reference_url https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
3
reference_url https://packagist.org/packages/getgrav/grav
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/getgrav/grav
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py
reference_id CVE-2021-29440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29440
reference_id CVE-2021-29440
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29440
6
reference_url https://github.com/advisories/GHSA-g8r4-p96j-xfxc
reference_id GHSA-g8r4-p96j-xfxc
reference_type
scores
url https://github.com/advisories/GHSA-g8r4-p96j-xfxc
7
reference_url https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
reference_id GHSA-g8r4-p96j-xfxc
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
fixed_packages
0
url pkg:composer/getgrav/grav@1.7.11
purl pkg:composer/getgrav/grav@1.7.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.11
1
url pkg:composer/getgrav/grav@1.7.12
purl pkg:composer/getgrav/grav@1.7.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.12
aliases CVE-2021-29440, GHSA-g8r4-p96j-xfxc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-612f-2hre-27bm
1
url VCID-7qs1-13w7-fkgm
vulnerability_id VCID-7qs1-13w7-fkgm
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in getgrav/grav.
references
0
reference_url https://github.com/advisories/GHSA-cvmr-6428-87w9
reference_id GHSA-cvmr-6428-87w9
reference_type
scores
url https://github.com/advisories/GHSA-cvmr-6428-87w9
1
reference_url https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9
reference_id GHSA-cvmr-6428-87w9
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-d8z9-wwfs-8bd7
2
vulnerability VCID-tjh6-wb2e-e7fb
3
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
aliases GHSA-cvmr-6428-87w9, GMS-2020-581
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qs1-13w7-fkgm
2
url VCID-d8z9-wwfs-8bd7
vulnerability_id VCID-d8z9-wwfs-8bd7
summary 
Cross-Site Request Forgery (CSRF)
The Scheduler in Grav CMS allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-29553
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35607
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-29553
1
reference_url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
2
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-29553
reference_id CVE-2020-29553
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-29553
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-d8z9-wwfs-8bd7
2
vulnerability VCID-tjh6-wb2e-e7fb
3
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
1
url pkg:composer/getgrav/grav@1.7.0-beta.1
purl pkg:composer/getgrav/grav@1.7.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-tjh6-wb2e-e7fb
2
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1
2
url pkg:composer/getgrav/grav@1.7.1
purl pkg:composer/getgrav/grav@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.1
aliases CVE-2020-29553, GHSA-fqff-vcvx-68h3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8z9-wwfs-8bd7
3
url VCID-mk59-cvwe-mfb5
vulnerability_id VCID-mk59-cvwe-mfb5
summary 
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in `system/src/Grav/Common/Twig/Twig.php` in Grav CMS allows remote attackers to inject arbitrary web script or HTML via the `PATH_INFO` to `admin/tools.`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5233
reference_id
reference_type
scores
0
value 0.18828
scoring_system epss
scoring_elements 0.95422
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5233
1
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
2
reference_url https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability
3
reference_url http://www.openwall.com/lists/oss-security/2018/03/15/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2018/03/15/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5233
reference_id CVE-2018-5233
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-5233
fixed_packages
0
url pkg:composer/getgrav/grav@1.3.0
purl pkg:composer/getgrav/grav@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-7qs1-13w7-fkgm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-tjh6-wb2e-e7fb
4
vulnerability VCID-uky6-39ye-uqh1
5
vulnerability VCID-w2rm-j4gr-mffe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.3.0
aliases CVE-2018-5233, GHSA-977g-93f5-rqjx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mk59-cvwe-mfb5
4
url VCID-tjh6-wb2e-e7fb
vulnerability_id VCID-tjh6-wb2e-e7fb
summary 
Path Traversal
The Backup functionality in Grav CMS allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-29556
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28064
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-29556
1
reference_url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
2
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-29556
reference_id CVE-2020-29556
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-29556
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-d8z9-wwfs-8bd7
2
vulnerability VCID-tjh6-wb2e-e7fb
3
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
1
url pkg:composer/getgrav/grav@1.7.0
purl pkg:composer/getgrav/grav@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-d8z9-wwfs-8bd7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0
aliases CVE-2020-29556, GHSA-r3rg-jrjq-w4mr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjh6-wb2e-e7fb
5
url VCID-uky6-39ye-uqh1
vulnerability_id VCID-uky6-39ye-uqh1
summary 
Path Traversal
The BackupDelete functionality in Grav CMS allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-29555
reference_id
reference_type
scores
0
value 0.04155
scoring_system epss
scoring_elements 0.88864
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-29555
1
reference_url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
2
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-29555
reference_id CVE-2020-29555
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-29555
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-d8z9-wwfs-8bd7
2
vulnerability VCID-tjh6-wb2e-e7fb
3
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
1
url pkg:composer/getgrav/grav@1.7.0
purl pkg:composer/getgrav/grav@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-d8z9-wwfs-8bd7
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0
aliases CVE-2020-29555, GHSA-gpmf-q5jh-hjx4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uky6-39ye-uqh1
6
url VCID-w2rm-j4gr-mffe
vulnerability_id VCID-w2rm-j4gr-mffe
summary 
Cross-site Scripting
Grav allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16126
reference_id
reference_type
scores
0
value 0.00613
scoring_system epss
scoring_elements 0.70229
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16126
1
reference_url https://github.com/getgrav/grav/issues/2657
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/issues/2657
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16126
reference_id CVE-2019-16126
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16126
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.16
purl pkg:composer/getgrav/grav@1.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-7qs1-13w7-fkgm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-tjh6-wb2e-e7fb
4
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.16
1
url pkg:composer/getgrav/grav@1.7.0-beta.1
purl pkg:composer/getgrav/grav@1.7.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-tjh6-wb2e-e7fb
2
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1
2
url pkg:composer/getgrav/grav@1.7.0-beta.8
purl pkg:composer/getgrav/grav@1.7.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-612f-2hre-27bm
1
vulnerability VCID-tjh6-wb2e-e7fb
2
vulnerability VCID-uky6-39ye-uqh1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.8
aliases CVE-2019-16126, GHSA-6268-v434-45m5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2rm-j4gr-mffe
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.2.2