Package impact
Packagist / getgrav/grav
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42607 | critical | 9.1 | 10.0 | | | | 29d ago | Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature |
| CVE-2025-66294 | unknown | — | 1.0 | | | | 6mo ago | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass |
| CVE-2025-66301 | unknown | — | 1.0 | | | | 6mo ago | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions |
| CVE-2021-29440 | unknown | — | 1.0 | | | | 5y ago | Grav's Twig processing allowing dangerous PHP functions by default |