Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/statamic/cms@5.73.16
purl pkg:composer/statamic/cms@5.73.16
Next non-vulnerable version 5.73.20
Latest non-vulnerable version 6.18.1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-3ecw-t3fm-3fh4
Aliases:
CVE-2026-41175
GHSA-4jjr-vmv7-wh4w
5.73.20
Affected by 0 other vulnerabilities.
6.13.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-2nav-d5sc-buc2 CVE-2026-33885
GHSA-7f74-7q5w-hj4r
VCID-5ukf-bhcd-suhw Statamic vulnerable to remote code execution via Antlers-enabled control panel inputs An authenticated control panel user with access to Antlers-enabled inputs may be able to achieve remote code execution in the application context. That can lead to full compromise of the application, including access to sensitive configuration, modification or exfiltration of data, and potential impact on availability. Exploitation is only possible where Antlers runs on user-controlled content—for example, content fields with Antlers explicitly enabled (requiring permission to configure fields and to edit entries), built-in config that supports Antlers such as Forms email notification settings (requiring configuration permission), or third-party addons that add Antlers-enabled fields to entries (for example, the SEO Pro addon). In each case the attacker must have the relevant control panel permissions. CVE-2026-28425
GHSA-cpv7-q2wx-m8rw
VCID-e9pw-5s2v-yqct CVE-2026-33882
GHSA-cvh3-23vq-w7h4
VCID-hnye-658u-yfcx CVE-2026-33884
GHSA-8vwx-ccf6-5wg2
VCID-s55s-2gzg-13c2 CVE-2026-33887
GHSA-4hp7-3wxg-cv9q
VCID-t5kq-pvrj-t7fy CVE-2026-33883
GHSA-3jg4-p23x-p4qx
VCID-x2e6-zs8r-syem CVE-2026-33886
GHSA-gcqf-5x9f-hq7f

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T10:48:56.074615+00:00 GitLab Importer Affected by VCID-3ecw-t3fm-3fh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/GHSA-4jjr-vmv7-wh4w.yml 38.6.0
2026-06-01T10:47:30.549066+00:00 GitLab Importer Affected by VCID-3ecw-t3fm-3fh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-41175.yml 38.6.0
2026-06-01T10:17:59.642091+00:00 GitLab Importer Fixing VCID-e9pw-5s2v-yqct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-33882.yml 38.6.0
2026-06-01T10:16:56.922764+00:00 GitLab Importer Fixing VCID-2nav-d5sc-buc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-33885.yml 38.6.0
2026-06-01T10:16:43.387319+00:00 GitLab Importer Fixing VCID-t5kq-pvrj-t7fy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-33883.yml 38.6.0
2026-06-01T10:16:35.293112+00:00 GitLab Importer Fixing VCID-hnye-658u-yfcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-33884.yml 38.6.0
2026-06-01T10:16:14.401296+00:00 GitLab Importer Fixing VCID-s55s-2gzg-13c2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-33887.yml 38.6.0
2026-06-01T10:15:39.130125+00:00 GitLab Importer Fixing VCID-x2e6-zs8r-syem https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-33886.yml 38.6.0
2026-05-31T21:38:26.216667+00:00 GHSA Importer Fixing VCID-s55s-2gzg-13c2 https://github.com/advisories/GHSA-4hp7-3wxg-cv9q 38.6.0
2026-05-31T21:38:26.185173+00:00 GHSA Importer Fixing VCID-x2e6-zs8r-syem https://github.com/advisories/GHSA-gcqf-5x9f-hq7f 38.6.0
2026-05-31T21:38:26.114539+00:00 GHSA Importer Fixing VCID-2nav-d5sc-buc2 https://github.com/advisories/GHSA-7f74-7q5w-hj4r 38.6.0
2026-05-31T21:38:26.046786+00:00 GHSA Importer Fixing VCID-hnye-658u-yfcx https://github.com/advisories/GHSA-8vwx-ccf6-5wg2 38.6.0
2026-05-31T21:38:25.978298+00:00 GHSA Importer Fixing VCID-t5kq-pvrj-t7fy https://github.com/advisories/GHSA-3jg4-p23x-p4qx 38.6.0
2026-05-31T21:38:25.899575+00:00 GHSA Importer Fixing VCID-e9pw-5s2v-yqct https://github.com/advisories/GHSA-cvh3-23vq-w7h4 38.6.0
2026-05-31T10:56:26.429604+00:00 GithubOSV Importer Fixing VCID-t5kq-pvrj-t7fy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-3jg4-p23x-p4qx/GHSA-3jg4-p23x-p4qx.json 38.6.0
2026-05-31T10:56:20.822712+00:00 GithubOSV Importer Fixing VCID-hnye-658u-yfcx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-8vwx-ccf6-5wg2/GHSA-8vwx-ccf6-5wg2.json 38.6.0
2026-05-31T10:56:01.065775+00:00 GithubOSV Importer Fixing VCID-2nav-d5sc-buc2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-7f74-7q5w-hj4r/GHSA-7f74-7q5w-hj4r.json 38.6.0
2026-05-31T10:55:39.893201+00:00 GithubOSV Importer Fixing VCID-e9pw-5s2v-yqct https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-cvh3-23vq-w7h4/GHSA-cvh3-23vq-w7h4.json 38.6.0
2026-05-31T10:54:53.662767+00:00 GithubOSV Importer Fixing VCID-5ukf-bhcd-suhw https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-cpv7-q2wx-m8rw/GHSA-cpv7-q2wx-m8rw.json 38.6.0
2026-05-31T10:54:53.493778+00:00 GithubOSV Importer Fixing VCID-x2e6-zs8r-syem https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-gcqf-5x9f-hq7f/GHSA-gcqf-5x9f-hq7f.json 38.6.0
2026-05-31T10:54:30.137537+00:00 GithubOSV Importer Fixing VCID-s55s-2gzg-13c2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-4hp7-3wxg-cv9q/GHSA-4hp7-3wxg-cv9q.json 38.6.0
2026-05-31T01:08:02.392978+00:00 GHSA Importer Fixing VCID-5ukf-bhcd-suhw https://github.com/advisories/GHSA-cpv7-q2wx-m8rw 38.6.0
2026-05-30T21:07:22.412972+00:00 GitLab Importer Fixing VCID-5ukf-bhcd-suhw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/statamic/cms/CVE-2026-28425.yml 38.6.0