Getgrav Security Vulnerabilities (CVEs)
Track 37 security vulnerabilities affecting Getgrav products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Dec 15, 2025: Grav CMS versions before 1.7.49.5 contain a stored cross-site scripting vulnerability in page editing functionality. Authenticated users with content ...
Dec 15, 2025: This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Grav CMS versions before 1.7.49.5. Attackers can exploit Twig template proces...
Dec 2, 2025: Grav CMS 1.7.49 contains a stored cross-site scripting vulnerability in its page editor. Authenticated users can inject malicious JavaScript via <scri...
Dec 1, 2025: A stored XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into page templates. These scripts execute automaticall...
Dec 1, 2025: This stored XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into page metadata fields. When an administrator vie...
Dec 1, 2025: A stored cross-site scripting (XSS) vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into group names. When administr...
Dec 1, 2025: Grav CMS versions before 1.8.0-beta.27 expose password hashes to users with read access to the admin panel's user management section. This allows atta...
Dec 1, 2025: A Denial of Service vulnerability in Grav's admin panel allows attackers to crash the entire web application by submitting malformed input to the Lang...
Dec 1, 2025: Grav CMS versions before 1.8.0-beta.27 contain an IDOR vulnerability in the admin panel that allows low-privilege users to access sensitive informatio...
Dec 1, 2025: This vulnerability in Grav's admin plugin allows attackers to enumerate valid usernames and discover associated email addresses through the 'Forgot Pa...
Dec 1, 2025: A stored XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts into the site configuration's taxonomies parameter. The...
Dec 1, 2025: This reflected XSS vulnerability in Grav's admin plugin allows attackers to inject malicious scripts via the data[header][content][items] parameter in...
Dec 1, 2025: This CVE describes a Server-Side Template Injection (SSTI) vulnerability in Grav CMS that allows attackers to extract sensitive configuration details through spe...
Dec 1, 2025: Grav CMS versions before 1.8.0-beta.27 contain a Server-Side Template Injection vulnerability that allows authenticated users with editor permissions ...
Dec 1, 2025: A low-privilege user with page editing access in Grav can read arbitrary server files, including sensitive user account files containing password hash...
Dec 1, 2025: This vulnerability allows editors with limited permissions in Grav CMS to modify form processing logic by manipulating YAML frontmatter in POST reques...
Dec 1, 2025: Grav CMS versions before 1.8.0-beta.27 contain a path traversal vulnerability in the backup tool that allows authenticated administrators to read arbi...
Dec 1, 2025: A Denial of Service vulnerability in Grav allows attackers to disrupt the admin panel by submitting malicious cron expressions in the scheduled_at par...
Dec 1, 2025: This vulnerability allows authenticated users with account creation privileges to perform path traversal attacks when creating new users in Grav CMS. ...
Dec 1, 2025: A privilege escalation vulnerability in Grav's Admin plugin allows users with create-user permissions to overwrite administrator accounts by creating ...
Dec 1, 2025: This vulnerability allows authenticated users with admin panel access in Grav CMS to escalate privileges to full admin or execute arbitrary system com...
Dec 1, 2025: This Server-Side Template Injection (SSTI) vulnerability in Grav allows authenticated users with editor permissions to execute arbitrary commands on t...
Nov 3, 2025: Grav CMS version 1.7.49.5 contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed ...
Aug 6, 2025: This vulnerability allows authenticated admin users in Grav CMS to upload malicious plugins through the direct-install interface, leading to arbitrary...
Jul 25, 2025: A cross-site scripting (XSS) vulnerability in Grav CMS versions 1.7.48 and earlier allows attackers to inject malicious scripts into form fields. When...
May 15, 2024: This vulnerability in Grav CMS allows low-privileged users with page edit permissions to read arbitrary server files using Twig syntax, including sens...
Mar 21, 2024: This vulnerability in Grav CMS allows administrative users to bypass SSTI mitigations and execute arbitrary code through Twig template processing. Att...
Mar 21, 2024: Grav CMS versions before 1.7.45 contain a file upload path traversal vulnerability that allows attackers to upload malicious files to arbitrary locati...
Mar 21, 2024: Grav CMS versions before 1.7.45 contain a Server-Side Template Injection vulnerability that allows authenticated users with editor permissions to exec...
Jul 18, 2023: Grav CMS versions 1.7.42 and later contain a server-side template injection vulnerability due to an incorrect security check that allows bypassing fun...
Jun 14, 2023: This vulnerability allows attackers with login access to Grav's Admin panel and page creation/update permissions to inject malicious templates and ach...
Jun 14, 2023: CVE-2023-34251 is a server-side template injection vulnerability in Grav CMS that allows authenticated users with page editing privileges to execute a...
Jun 29, 2022: CVE-2022-2073 is a code injection vulnerability in Grav CMS that allows attackers to execute arbitrary code on affected systems. This affects Grav ins...
Nov 5, 2021: CVE-2021-3924 is a path traversal vulnerability in Grav CMS that allows attackers to read arbitrary files outside the intended directory. This affects...
Apr 13, 2021: CVE-2021-29439 is an improper privilege verification vulnerability in Grav admin plugin that allows users with only login permissions to install third...
Apr 7, 2021: CVE-2021-21425 is an unauthenticated remote code execution vulnerability in Grav Admin Plugin that allows attackers to execute arbitrary methods witho...
Mar 15, 2021: This CSRF vulnerability in Grav CMS Scheduler allows attackers to trick authenticated administrators into executing arbitrary system commands by visit...
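The entries above quote four fix thresholds (before 1.7.45, 1.7.48 and earlier, before 1.7.49.5, before 1.8.0-beta.27). The script below checks an installed copy against them. It is an added example, not code from this page or from the Grav project. It assumes Grav records its release as a GRAV_VERSION define in system/defines.php; the sample file contents are constructed, and the rule descriptions are the page's own wording with no CVE identifiers assigned to them.

```python
import re

# Constructed stand-in for Grav's system/defines.php (assumption: the release
# is recorded there as a GRAV_VERSION define; the version value is made up).
SAMPLE_DEFINES = """<?php
// Some standard defines
define('GRAV', true);
define('GRAV_VERSION', '1.7.48');
define('GRAV_SCHEMA', '1.7.0_2020-11-20_1');
"""

# Fix thresholds exactly as the advisories on this page state them. The
# descriptions are the page's own summaries; no CVE identifiers are assigned.
RULES = [
    ("<",  "1.7.45", "file upload path traversal and editor SSTI (fixed in 1.7.45)"),
    ("<=", "1.7.48", "XSS via form fields (1.7.48 and earlier)"),
    ("<",  "1.7.49.5", "stored XSS in page editor and SSRF via Twig (fixed in 1.7.49.5)"),
    ("<",  "1.8.0-beta.27", "admin plugin IDOR, password hash exposure, SSTI and backup path traversal (fixed in 1.8.0-beta.27)"),
]

VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-([A-Za-z]+)\.?(\d+)?)?$")


def parse_version(v):
    """Split '1.8.0-beta.27' into ((1, 8, 0), ('beta', 27)).
    A final release has no prerelease part; 1.7.49.5 keeps all four numbers."""
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    release = tuple(int(x) for x in m.group(1).split("."))
    pre = (m.group(2).lower(), int(m.group(3) or 0)) if m.group(2) else None
    return release, pre


def compare_versions(a, b):
    """Return -1, 0 or 1. Release numbers are compared zero-padded to equal
    length; a prerelease sorts below the final release with the same number,
    so 1.8.0-beta.27 < 1.8.0 and 1.7.49.5 < 1.8.0-beta.27."""
    ra, pa = parse_version(a)
    rb, pb = parse_version(b)
    n = max(len(ra), len(rb))
    ra += (0,) * (n - len(ra))
    rb += (0,) * (n - len(rb))
    if ra != rb:
        return -1 if ra < rb else 1
    if pa == pb:
        return 0
    if pa is None:
        return 1
    if pb is None:
        return -1
    return -1 if pa < pb else 1


def extract_version(defines_php):
    """Pull the GRAV_VERSION value out of the text of system/defines.php."""
    m = re.search(r"define\(\s*'GRAV_VERSION'\s*,\s*'([^']+)'\s*\)", defines_php)
    if not m:
        raise ValueError("GRAV_VERSION not found")
    return m.group(1)


def affected(version):
    """Return the description of every rule the installed version falls under.
    Caveat: the 1.8.0-beta.27 rule is applied literally, so every 1.7.x install
    matches it as well; the 1.7 branch got its own fixes (1.7.45, 1.7.49.5), so
    confirm that hit against the vendor advisory before treating it as open."""
    hits = []
    for op, fixed, desc in RULES:
        c = compare_versions(version, fixed)
        if (op == "<" and c < 0) or (op == "<=" and c <= 0):
            hits.append(desc)
    return hits


def check_defines(defines_php):
    """Version string found in the file plus the list of matching rules."""
    version = extract_version(defines_php)
    return version, affected(version)


if __name__ == "__main__":
    v, hits = check_defines(SAMPLE_DEFINES)
    print(f"Grav {v}: {len(hits)} matching advisories")
    for h in hits:
        print(" -", h)
```

To run it against a real install, read system/defines.php from the Grav root and pass its contents to check_defines; a plain string compare would misorder 1.7.49.5 and 1.8.0-beta.27, which is why the comparison pads release numbers and ranks prereleases explicitly.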
Why Monitor Getgrav Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 37+ known vulnerabilities affecting Getgrav products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE scans your servers and detects vulnerable Getgrav packages in under 60 seconds. The scanning is agentless, so nothing has to be installed on the Getgrav hosts themselves.
Free vulnerability database: Access detailed information about every Getgrav CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Getgrav CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions