Vulnerabilities in getgrav
61 results

CVE-2021-21425 | CRITICAL | Unauthenticated Arbitrary YAML Write/Update leads to Code Execution | EPSS 80.5%
CVE-2024-27921 | HIGH | Grav File Upload Path Traversal vulnerability | EPSS 60.6%
CVE-2021-29440 | HIGH | Twig allowing dangerous PHP functions by default | EPSS 30.6%
CVE-2022-2073 | CRITICAL | Code Injection in getgrav/grav | EPSS 9.0%
CVE-2024-28116 | HIGH | Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass | EPSS 5.8%
CVE-2023-34448 | HIGH | Grav Server-side Template Injection (SSTI) via Twig Default Filters | EPSS 4.5%
CVE-2021-3924 | HIGH | Path Traversal in getgrav/grav | EPSS 4.2%
CVE-2026-42607 | CRITICAL | Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature | EPSS 3.9%
CVE-2024-34082 | HIGH | Grav Arbitrary File Read to Account Takeover | EPSS 3.1%
CVE-2025-66294 | HIGH | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass | EPSS 2.6%
CVE-2021-29439 | HIGH | Plugins can be installed with minimal admin privileges | EPSS 2.6%
CVE-2021-3818 | MEDIUM | Reliance on Cookies without Validation and Integrity Checking in getgrav/grav | EPSS 2.4%
CVE-2023-34251 | CRITICAL | Grav Server Side Template Injection vulnerability | EPSS 2.3%
CVE-2023-37897 | HIGH | Server-side Template Injection (SSTI) in grav | EPSS 2.3%
CVE-2023-34253 | HIGH | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass | EPSS 2.1%
CVE-2023-34252 | HIGH | Grav Server-side Template Injection via Insufficient Validation in filterFilter | EPSS 2.1%
CVE-2021-47812 | CRITICAL | GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2) | EPSS 2.0%
CVE-2022-0970 | HIGH | Cross-site Scripting (XSS) - Stored in getgrav/grav | EPSS 1.8%
CVE-2024-28119 | HIGH | Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler | EPSS 1.6%
CVE-2021-3799 | MEDIUM | Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin | EPSS 1.5%