Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mautic/grapes-js-builder-bundle@6.0.7

Type composer

Namespace mautic

Name grapes-js-builder-bundle

Version 6.0.7

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4ut6-7t9u-fufk

vulnerability_id VCID-4ut6-7t9u-fufk

summary

GrapesJsBuilder File Upload allows all file uploads
Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13827

reference_id

reference_type

scores

value	0.00437
scoring_system	epss
scoring_elements	0.63412
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13827

reference_url

https://github.com/mautic/mautic

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mautic/mautic

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-13827

reference_id

CVE-2025-13827

reference_type

scores

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-13827

reference_url

https://github.com/advisories/GHSA-5xw2-57jx-pgjp

reference_id

GHSA-5xw2-57jx-pgjp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5xw2-57jx-pgjp

reference_url

https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp

reference_id

GHSA-5xw2-57jx-pgjp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-02T17:10:05Z/

url

https://github.com/mautic/mautic/security/advisories/GHSA-5xw2-57jx-pgjp

fixed_packages

url	pkg:composer/mautic/grapes-js-builder-bundle@4.4.18
purl	pkg:composer/mautic/grapes-js-builder-bundle@4.4.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mautic/grapes-js-builder-bundle@4.4.18

url	pkg:composer/mautic/grapes-js-builder-bundle@5.0.0-alpha
purl	pkg:composer/mautic/grapes-js-builder-bundle@5.0.0-alpha
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mautic/grapes-js-builder-bundle@5.0.0-alpha

url	pkg:composer/mautic/grapes-js-builder-bundle@5.2.9
purl	pkg:composer/mautic/grapes-js-builder-bundle@5.2.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mautic/grapes-js-builder-bundle@5.2.9

url	pkg:composer/mautic/grapes-js-builder-bundle@6.0.7
purl	pkg:composer/mautic/grapes-js-builder-bundle@6.0.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/mautic/grapes-js-builder-bundle@6.0.7

aliases CVE-2025-13827, GHSA-5xw2-57jx-pgjp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ut6-7t9u-fufk

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/grapes-js-builder-bundle@6.0.7

Package Instance