Package impact
Packagist / getgrav/grav
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42610 | medium | 6.5 | 6.5 | 1mo ago | Grav Vulnerable to Sensitive Information Disclosure via Accounts Service Bypass | |||
| CVE-2026-44737 | medium | — | 5.5 | 27d ago | Grav: Stored XSS via page title (data[header][title]) in admin panel | |||
| CVE-2026-42612 | medium | 5.4 | 5.4 | 1mo ago | Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes | |||
| CVE-2026-42842 | medium | 5.4 | 5.4 | 1mo ago | Grav Vulnerable to XSS via Taxonomy Field Values in Admin Panel | |||
| CVE-2026-7317 | medium | 5.0 | 5.0 | 1mo ago | Grav has Insecure Deserialization in File Cache | |||
| CVE-2026-42841 | medium | 4.8 | 4.8 | 1mo ago | Grav CMS vulnerable to stored XSS via Markdown media attribute() action |