Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/getgrav/grav@0.9.36
Typecomposer
Namespacegetgrav
Namegrav
Version0.9.36
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.7.28
Latest_non_vulnerable_version2.0.0-rc.2
Affected_by_vulnerabilities
0
url VCID-51ah-g5xe-4qeg
vulnerability_id VCID-51ah-g5xe-4qeg
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0268
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.5029
published_at 2026-06-04T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50351
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0268
1
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
2
reference_url https://github.com/getgrav/grav/commit/6f2fa9311afb9ecd34030dec2aff7b39e9e7e735
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/commit/6f2fa9311afb9ecd34030dec2aff7b39e9e7e735
3
reference_url https://huntr.dev/bounties/67085545-331e-4469-90f3-a1a46a078d39
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/67085545-331e-4469-90f3-a1a46a078d39
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0268
reference_id CVE-2022-0268
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0268
5
reference_url https://github.com/advisories/GHSA-735v-wx75-xmmm
reference_id GHSA-735v-wx75-xmmm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-735v-wx75-xmmm
fixed_packages
0
url pkg:composer/getgrav/grav@1.7.28
purl pkg:composer/getgrav/grav@1.7.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.28
aliases CVE-2022-0268, GHSA-735v-wx75-xmmm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51ah-g5xe-4qeg
1
url VCID-612f-2hre-27bm
vulnerability_id VCID-612f-2hre-27bm
summary 
Improper Control of Generation of Code ('Code Injection')
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.
references
0
reference_url http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29440
reference_id
reference_type
scores
0
value 0.11163
scoring_system epss
scoring_elements 0.93638
published_at 2026-06-05T12:55:00Z
1
value 0.11163
scoring_system epss
scoring_elements 0.93628
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29440
2
reference_url https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
3
reference_url https://packagist.org/packages/getgrav/grav
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/getgrav/grav
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py
reference_id CVE-2021-29440
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49961.py
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29440
reference_id CVE-2021-29440
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29440
6
reference_url https://github.com/advisories/GHSA-g8r4-p96j-xfxc
reference_id GHSA-g8r4-p96j-xfxc
reference_type
scores
url https://github.com/advisories/GHSA-g8r4-p96j-xfxc
7
reference_url https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
reference_id GHSA-g8r4-p96j-xfxc
reference_type
scores
0
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
fixed_packages
0
url pkg:composer/getgrav/grav@1.7.11
purl pkg:composer/getgrav/grav@1.7.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.11
1
url pkg:composer/getgrav/grav@1.7.12
purl pkg:composer/getgrav/grav@1.7.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-q57k-9vrf-akef
2
vulnerability VCID-r6yg-4kxp-tfay
3
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.12
aliases CVE-2021-29440, GHSA-g8r4-p96j-xfxc
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-612f-2hre-27bm
2
url VCID-7qs1-13w7-fkgm
vulnerability_id VCID-7qs1-13w7-fkgm
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in getgrav/grav.
references
0
reference_url https://github.com/advisories/GHSA-cvmr-6428-87w9
reference_id GHSA-cvmr-6428-87w9
reference_type
scores
url https://github.com/advisories/GHSA-cvmr-6428-87w9
1
reference_url https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9
reference_id GHSA-cvmr-6428-87w9
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-tjh6-wb2e-e7fb
6
vulnerability VCID-uky6-39ye-uqh1
7
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
aliases GHSA-cvmr-6428-87w9, GMS-2020-581
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qs1-13w7-fkgm
3
url VCID-d8z9-wwfs-8bd7
vulnerability_id VCID-d8z9-wwfs-8bd7
summary 
Cross-Site Request Forgery (CSRF)
The Scheduler in Grav CMS allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-29553
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35709
published_at 2026-06-05T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35607
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-29553
1
reference_url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
2
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-29553
reference_id CVE-2020-29553
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-29553
4
reference_url https://github.com/advisories/GHSA-fqff-vcvx-68h3
reference_id GHSA-fqff-vcvx-68h3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fqff-vcvx-68h3
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-tjh6-wb2e-e7fb
6
vulnerability VCID-uky6-39ye-uqh1
7
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
1
url pkg:composer/getgrav/grav@1.7.0-beta.1
purl pkg:composer/getgrav/grav@1.7.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-tjh6-wb2e-e7fb
6
vulnerability VCID-uky6-39ye-uqh1
7
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1
2
url pkg:composer/getgrav/grav@1.7.1
purl pkg:composer/getgrav/grav@1.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-q57k-9vrf-akef
3
vulnerability VCID-r6yg-4kxp-tfay
4
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.1
aliases CVE-2020-29553, GHSA-fqff-vcvx-68h3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d8z9-wwfs-8bd7
4
url VCID-mk59-cvwe-mfb5
vulnerability_id VCID-mk59-cvwe-mfb5
summary 
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in `system/src/Grav/Common/Twig/Twig.php` in Grav CMS allows remote attackers to inject arbitrary web script or HTML via the `PATH_INFO` to `admin/tools.`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5233
reference_id
reference_type
scores
0
value 0.18828
scoring_system epss
scoring_elements 0.9543
published_at 2026-06-05T12:55:00Z
1
value 0.18828
scoring_system epss
scoring_elements 0.95422
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5233
1
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
2
reference_url https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sysdream.com/news/lab/2018-03-15-cve-2018-5233-grav-cms-admin-plugin-reflected-cross-site-scripting-xss-vulnerability
3
reference_url http://www.openwall.com/lists/oss-security/2018/03/15/1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2018/03/15/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-5233
reference_id CVE-2018-5233
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-5233
fixed_packages
0
url pkg:composer/getgrav/grav@1.3.0
purl pkg:composer/getgrav/grav@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-7qs1-13w7-fkgm
3
vulnerability VCID-d8z9-wwfs-8bd7
4
vulnerability VCID-q57k-9vrf-akef
5
vulnerability VCID-r6yg-4kxp-tfay
6
vulnerability VCID-ta5r-m2e1-6qgr
7
vulnerability VCID-tjh6-wb2e-e7fb
8
vulnerability VCID-uky6-39ye-uqh1
9
vulnerability VCID-w173-rwhh-2fg3
10
vulnerability VCID-w2rm-j4gr-mffe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.3.0
aliases CVE-2018-5233, GHSA-977g-93f5-rqjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mk59-cvwe-mfb5
5
url VCID-q57k-9vrf-akef
vulnerability_id VCID-q57k-9vrf-akef
summary grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3818
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53042
published_at 2026-06-05T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.52981
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3818
1
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
2
reference_url https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07
3
reference_url https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea
4
reference_url https://github.com/advisories/GHSA-cg3q-59w7-rvc2
reference_id GHSA-cg3q-59w7-rvc2
reference_type
scores
url https://github.com/advisories/GHSA-cg3q-59w7-rvc2
fixed_packages
0
url pkg:composer/getgrav/grav@1.7.21
purl pkg:composer/getgrav/grav@1.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-r6yg-4kxp-tfay
2
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.21
aliases CVE-2021-3818, GHSA-cg3q-59w7-rvc2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q57k-9vrf-akef
6
url VCID-r6yg-4kxp-tfay
vulnerability_id VCID-r6yg-4kxp-tfay
summary grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3924
reference_id
reference_type
scores
0
value 0.00975
scoring_system epss
scoring_elements 0.77025
published_at 2026-06-04T12:55:00Z
1
value 0.00975
scoring_system epss
scoring_elements 0.77057
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3924
1
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
2
reference_url https://github.com/getgrav/grav/commit/8f9c417c04b89dc8d2de60b95e7696821b2826ce
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/commit/8f9c417c04b89dc8d2de60b95e7696821b2826ce
3
reference_url https://huntr.dev/bounties/7ca13522-d0c9-4eff-a7dd-6fd1a7f205a2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/7ca13522-d0c9-4eff-a7dd-6fd1a7f205a2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3924
reference_id CVE-2021-3924
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3924
5
reference_url https://github.com/advisories/GHSA-8c5p-4362-9333
reference_id GHSA-8c5p-4362-9333
reference_type
scores
url https://github.com/advisories/GHSA-8c5p-4362-9333
fixed_packages
aliases CVE-2021-3924, GHSA-8c5p-4362-9333
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6yg-4kxp-tfay
7
url VCID-ta5r-m2e1-6qgr
vulnerability_id VCID-ta5r-m2e1-6qgr
summary 
URL Redirection to Untrusted Site ('Open Redirect')
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11529
reference_id
reference_type
scores
0
value 0.70296
scoring_system epss
scoring_elements 0.98702
published_at 2026-06-05T12:55:00Z
1
value 0.70296
scoring_system epss
scoring_elements 0.98701
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11529
1
reference_url https://getgrav.org/#changelog
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://getgrav.org/#changelog
2
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
3
reference_url https://github.com/getgrav/grav/commit/2eae104c7a4bf32bc26cb8073d5c40464bfda3f7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/commit/2eae104c7a4bf32bc26cb8073d5c40464bfda3f7
4
reference_url https://github.com/getgrav/grav/issues/3134
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/issues/3134
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11529
reference_id CVE-2020-11529
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11529
6
reference_url https://github.com/advisories/GHSA-wrxc-mr2w-cjpv
reference_id GHSA-wrxc-mr2w-cjpv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wrxc-mr2w-cjpv
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.23
purl pkg:composer/getgrav/grav@1.6.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-7qs1-13w7-fkgm
3
vulnerability VCID-d8z9-wwfs-8bd7
4
vulnerability VCID-q57k-9vrf-akef
5
vulnerability VCID-r6yg-4kxp-tfay
6
vulnerability VCID-tjh6-wb2e-e7fb
7
vulnerability VCID-uky6-39ye-uqh1
8
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.23
aliases CVE-2020-11529, GHSA-wrxc-mr2w-cjpv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ta5r-m2e1-6qgr
8
url VCID-tjh6-wb2e-e7fb
vulnerability_id VCID-tjh6-wb2e-e7fb
summary 
Path Traversal
The Backup functionality in Grav CMS allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.`
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-29556
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28134
published_at 2026-06-05T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28064
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-29556
1
reference_url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
2
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-29556
reference_id CVE-2020-29556
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-29556
4
reference_url https://github.com/advisories/GHSA-r3rg-jrjq-w4mr
reference_id GHSA-r3rg-jrjq-w4mr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r3rg-jrjq-w4mr
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-tjh6-wb2e-e7fb
6
vulnerability VCID-uky6-39ye-uqh1
7
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
1
url pkg:composer/getgrav/grav@1.7.0
purl pkg:composer/getgrav/grav@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0
aliases CVE-2020-29556, GHSA-r3rg-jrjq-w4mr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjh6-wb2e-e7fb
9
url VCID-uky6-39ye-uqh1
vulnerability_id VCID-uky6-39ye-uqh1
summary 
Path Traversal
The BackupDelete functionality in Grav CMS allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-29555
reference_id
reference_type
scores
0
value 0.04155
scoring_system epss
scoring_elements 0.88864
published_at 2026-06-04T12:55:00Z
1
value 0.04155
scoring_system epss
scoring_elements 0.88882
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-29555
1
reference_url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav
2
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-29555
reference_id CVE-2020-29555
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-29555
4
reference_url https://github.com/advisories/GHSA-gpmf-q5jh-hjx4
reference_id GHSA-gpmf-q5jh-hjx4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gpmf-q5jh-hjx4
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.30
purl pkg:composer/getgrav/grav@1.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-tjh6-wb2e-e7fb
6
vulnerability VCID-uky6-39ye-uqh1
7
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.30
1
url pkg:composer/getgrav/grav@1.7.0
purl pkg:composer/getgrav/grav@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0
aliases CVE-2020-29555, GHSA-gpmf-q5jh-hjx4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uky6-39ye-uqh1
10
url VCID-w173-rwhh-2fg3
vulnerability_id VCID-w173-rwhh-2fg3
summary grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3904
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49719
published_at 2026-06-04T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49783
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3904
1
reference_url https://github.com/getgrav/grav
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav
2
reference_url https://github.com/getgrav/grav/commit/afc69a3229bb6fe120b2c1ea27bc6f196ed7284d
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/commit/afc69a3229bb6fe120b2c1ea27bc6f196ed7284d
3
reference_url https://huntr.dev/bounties/b1182515-d911-4da9-b4f7-b4c341a62a8d
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b1182515-d911-4da9-b4f7-b4c341a62a8d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3904
reference_id CVE-2021-3904
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3904
5
reference_url https://github.com/advisories/GHSA-5jxc-hmqf-3f73
reference_id GHSA-5jxc-hmqf-3f73
reference_type
scores
url https://github.com/advisories/GHSA-5jxc-hmqf-3f73
fixed_packages
0
url pkg:composer/getgrav/grav@1.7.24
purl pkg:composer/getgrav/grav@1.7.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-r6yg-4kxp-tfay
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.24
aliases CVE-2021-3904, GHSA-5jxc-hmqf-3f73
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w173-rwhh-2fg3
11
url VCID-w2rm-j4gr-mffe
vulnerability_id VCID-w2rm-j4gr-mffe
summary 
Cross-site Scripting
Grav allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16126
reference_id
reference_type
scores
0
value 0.00613
scoring_system epss
scoring_elements 0.70229
published_at 2026-06-04T12:55:00Z
1
value 0.00613
scoring_system epss
scoring_elements 0.70271
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16126
1
reference_url https://github.com/getgrav/grav/issues/2657
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/getgrav/grav/issues/2657
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16126
reference_id CVE-2019-16126
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16126
3
reference_url https://github.com/advisories/GHSA-6268-v434-45m5
reference_id GHSA-6268-v434-45m5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6268-v434-45m5
fixed_packages
0
url pkg:composer/getgrav/grav@1.6.16
purl pkg:composer/getgrav/grav@1.6.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-7qs1-13w7-fkgm
3
vulnerability VCID-d8z9-wwfs-8bd7
4
vulnerability VCID-q57k-9vrf-akef
5
vulnerability VCID-r6yg-4kxp-tfay
6
vulnerability VCID-ta5r-m2e1-6qgr
7
vulnerability VCID-tjh6-wb2e-e7fb
8
vulnerability VCID-uky6-39ye-uqh1
9
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.6.16
1
url pkg:composer/getgrav/grav@1.7.0-beta.1
purl pkg:composer/getgrav/grav@1.7.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-d8z9-wwfs-8bd7
3
vulnerability VCID-q57k-9vrf-akef
4
vulnerability VCID-r6yg-4kxp-tfay
5
vulnerability VCID-tjh6-wb2e-e7fb
6
vulnerability VCID-uky6-39ye-uqh1
7
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.1
2
url pkg:composer/getgrav/grav@1.7.0-beta.8
purl pkg:composer/getgrav/grav@1.7.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-51ah-g5xe-4qeg
1
vulnerability VCID-612f-2hre-27bm
2
vulnerability VCID-q57k-9vrf-akef
3
vulnerability VCID-r6yg-4kxp-tfay
4
vulnerability VCID-tjh6-wb2e-e7fb
5
vulnerability VCID-uky6-39ye-uqh1
6
vulnerability VCID-w173-rwhh-2fg3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@1.7.0-beta.8
aliases CVE-2019-16126, GHSA-6268-v434-45m5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2rm-j4gr-mffe
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/getgrav/grav@0.9.36