{"package":"anchorcms/anchor-cms","ecosystem":"composer","latest_version":"0.12.7","description":"Anchor is a free, lightweight, faster-than-a-bullet, simple blogging system, made for art–directed posts.","license":"GPL-3.0","license_risk":"strong_copyleft","commercial_use_notes":"GPL-3.0: derivative works must release source under GPL; includes explicit patent grant.","homepage":"","repository":"https://github.com/anchorcms/anchor-cms","downloads_weekly":0,"health":{"score":0,"risk":"critical","breakdown":{"maintenance":0,"popularity":0,"security":14,"maturity":9,"community":5},"deprecated":true,"max_score":100},"vulnerabilities":{"count":4,"critical":0,"high":1,"medium":3,"low":0,"details":[{"vuln_id":"CVE-2024-29338","severity":"medium","summary":"Cross-Site Request Forgery in Anchor CMS","affected_versions":"<=0.12.7|=0.11|=0.12|=0.12.1|=0.12.3|=0.12.3a|=0.12.6|=0.12.7|=0.9|=0.9.1|=0.9.2|=0.9.3|=0.9.3-a|=0.9.3-b|=0.9.3.1-a","fixed_version":null,"source":"osv","published_at":"2024-03-22T18:30:31Z","in_kev":false,"epss_prob":0.00089,"epss_percentile":0.25226,"threat_tier":"theoretical"},{"vuln_id":"CVE-2022-25576","severity":"medium","summary":"Cross-Site Request Forgery in Anchor CMS","affected_versions":"<=0.12.7|=0.11|=0.12|=0.12.1|=0.12.3|=0.12.3a|=0.12.6|=0.12.7|=0.9|=0.9.1|=0.9.2|=0.9.3|=0.9.3-a|=0.9.3-b|=0.9.3.1-a","fixed_version":null,"source":"osv","published_at":"2022-03-26T00:00:34Z","in_kev":false,"epss_prob":0.00115,"epss_percentile":0.29796,"threat_tier":"theoretical"},{"vuln_id":"CVE-2024-29499","severity":"high","summary":"Cross-Site Request Forgery in Anchor CMS","affected_versions":"<=0.12.7|=0.11|=0.12|=0.12.1|=0.12.3|=0.12.3a|=0.12.6|=0.12.7|=0.9|=0.9.1|=0.9.2|=0.9.3|=0.9.3-a|=0.9.3-b|=0.9.3.1-a","fixed_version":null,"source":"osv","published_at":"2024-03-22T18:30:31Z","in_kev":false,"epss_prob":0.00075,"epss_percentile":0.22429,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-44116","severity":"medium","summary":"Cross-site Scripting in Anchor CMS","affected_versions":"<=0.12.7|=0.11|=0.12|=0.12.1|=0.12.3|=0.12.3a|=0.12.6|=0.12.7|=0.9|=0.9.1|=0.9.2|=0.9.3|=0.9.3-a|=0.9.3-b|=0.9.3.1-a","fixed_version":null,"source":"osv","published_at":"2022-01-05T14:54:36Z","in_kev":false,"epss_prob":0.0024,"epss_percentile":0.47213,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"0.12.7","total_count":14,"recent":["0.12.7","0.12.6","0.12.3","0.12.3a","0.12.1","0.12","0.11","0.9.3.1-a","0.9.3","0.9.3-b","0.9.3-a","0.9.2","0.9.1","0.9"]},"metadata":{"deprecated":true,"deprecated_message":null,"maintainers_count":5,"first_published":null,"last_published":"2018-03-07T12:11:40+00:00","dependencies_count":4,"dependencies":["php","ircmaxell/random-lib","ircmaxell/password-compat","indigophp/hash-compat"]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"find_alternative","issues":["Moderate health score (0/100) — verify manually","1 high severity vulnerabilities","Package is deprecated"],"use_version":"0.12.7","version_hint":null,"summary":"anchorcms/anchor-cms is deprecated — find an alternative"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":351,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":14,"first_release_age_days":null,"last_release_days_ago":2978,"avg_days_between_releases":null,"release_velocity":"stale"}}