Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/75929?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/75929?format=api", "purl": "pkg:composer/getgrav/grav@1.6.16", "type": "composer", "namespace": "getgrav", "name": "grav", "version": "1.6.16", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.7.12", "latest_non_vulnerable_version": "2.0.0-rc.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54353?format=api", "vulnerability_id": "VCID-612f-2hre-27bm", "summary": "Improper Control of Generation of Code ('Code Injection')\nGrav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11163", "scoring_system": "epss", "scoring_elements": "0.93628", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29440" }, { "reference_url": "https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities" }, { "reference_url": "https://packagist.org/packages/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/getgrav/grav" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py", "reference_id": "CVE-2021-29440", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29440", "reference_id": "CVE-2021-29440", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29440" }, { "reference_url": "https://github.com/advisories/GHSA-g8r4-p96j-xfxc", "reference_id": "GHSA-g8r4-p96j-xfxc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g8r4-p96j-xfxc" }, { "reference_url": "https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc", "reference_id": "GHSA-g8r4-p96j-xfxc", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80323?format=api", "purl": "pkg:composer/getgrav/grav@1.7.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/301977?format=api", "purl": "pkg:composer/getgrav/grav@1.7.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.12" } ], "aliases": [ "CVE-2021-29440", "GHSA-g8r4-p96j-xfxc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-612f-2hre-27bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53870?format=api", "vulnerability_id": "VCID-7qs1-13w7-fkgm", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in getgrav/grav.", "references": [ { "reference_url": "https://github.com/advisories/GHSA-cvmr-6428-87w9", "reference_id": "GHSA-cvmr-6428-87w9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cvmr-6428-87w9" }, { "reference_url": "https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9", "reference_id": "GHSA-cvmr-6428-87w9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" } ], "aliases": [ "GHSA-cvmr-6428-87w9", "GMS-2020-581" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qs1-13w7-fkgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54184?format=api", "vulnerability_id": "VCID-d8z9-wwfs-8bd7", "summary": "Cross-Site Request Forgery (CSRF)\nThe Scheduler in Grav CMS allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35607", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29553" }, { "reference_url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29553", "reference_id": "CVE-2020-29553", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29553" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/240808?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/79985?format=api", "purl": "pkg:composer/getgrav/grav@1.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.1" } ], "aliases": [ "CVE-2020-29553", "GHSA-fqff-vcvx-68h3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8z9-wwfs-8bd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54190?format=api", "vulnerability_id": "VCID-tjh6-wb2e-e7fb", "summary": "Path Traversal\nThe Backup functionality in Grav CMS allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.`", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28064", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29556" }, { "reference_url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29556", "reference_id": "CVE-2020-29556", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29556" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/79981?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0" } ], "aliases": [ "CVE-2020-29556", "GHSA-r3rg-jrjq-w4mr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tjh6-wb2e-e7fb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54182?format=api", "vulnerability_id": "VCID-uky6-39ye-uqh1", "summary": "Path Traversal\nThe BackupDelete functionality in Grav CMS allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04155", "scoring_system": "epss", "scoring_elements": "0.88864", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-29555" }, { "reference_url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav" }, { "reference_url": "https://github.com/getgrav/grav", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29555", "reference_id": "CVE-2020-29555", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29555" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79327?format=api", "purl": "pkg:composer/getgrav/grav@1.6.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/79981?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0" } ], "aliases": [ "CVE-2020-29555", "GHSA-gpmf-q5jh-hjx4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uky6-39ye-uqh1" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51789?format=api", "vulnerability_id": "VCID-w2rm-j4gr-mffe", "summary": "Cross-site Scripting\nGrav allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00613", "scoring_system": "epss", "scoring_elements": "0.70229", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16126" }, { "reference_url": "https://github.com/getgrav/grav/issues/2657", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/getgrav/grav/issues/2657" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16126", "reference_id": "CVE-2019-16126", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16126" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75929?format=api", "purl": "pkg:composer/getgrav/grav@1.6.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-7qs1-13w7-fkgm" }, { "vulnerability": "VCID-d8z9-wwfs-8bd7" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/240808?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0-beta.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/144280?format=api", "purl": "pkg:composer/getgrav/grav@1.7.0-beta.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-612f-2hre-27bm" }, { "vulnerability": "VCID-tjh6-wb2e-e7fb" }, { "vulnerability": "VCID-uky6-39ye-uqh1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.8" } ], "aliases": [ "CVE-2019-16126", "GHSA-6268-v434-45m5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2rm-j4gr-mffe" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.16" }