{"package":"bolt/core","ecosystem":"composer","latest_version":"6.1.2","description":"🧿 Bolt Core","license":"MIT","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"","repository":"https://github.com/bolt/core","downloads_weekly":0,"health":{"score":63,"risk":"moderate","breakdown":{"maintenance":25,"popularity":0,"security":20,"maturity":15,"community":3},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2021-40219","severity":"high","summary":"Code Injection in Bolt CMS","affected_versions":"<=4.2|=1.0.0-alpha1|=4.0.0|=4.0.0-alpha3|=4.0.0-beta.1|=4.0.0-beta.1.1|=4.0.0-beta.1.2|=4.0.0-beta.1.3|=4.0.0-beta.1.4|=4.0.0-beta.1.5|=4.0.0-beta.1.6|=4.0.0-beta.1.7|=4.0.0-beta.1.8|=4.0.0-beta.2|=4.0.0-beta.2.1|=4.0.0-beta.2.10|=4.0.0-beta.2.2|=4.0.0-beta.2.3|=4.0.0-beta.2.4|=4.0.0-beta.2.5|=4.0.0-beta.2.6|=4.0.0-beta.2.7|=4.0.0-beta.2.8|=4.0.0-beta.2.9|=4.0.0-beta.3|=4.0.0-beta.3.1|=4.0.0-beta.3.2|=4.0.0-beta.3.3|=4.0.0-beta.3.4|=4.0.0-beta.3.5|=4.0.0-beta.3.6|=4.0.0-beta.3.7|=4.0.0-beta.3.8|=4.0.0-beta.4|=4.0.0-beta.4.1|=4.0.0-beta.4.2|=4.0.0-beta.4.3|=4.0.0-beta.4.4|=4.0.0-beta.4.5|=4.0.0-beta.4.6|=4.0.0-beta.5|=4.0.0-beta.5.1|=4.0.0-beta.5.2|=4.0.0-beta.5.3|=4.0.0-beta.5.4|=4.0.0-beta.5.5|=4.0.0-beta.5.6|=4.0.0-beta.5.7|=4.0.0-beta.5.8|=4.0.0-beta.5.9|=4.0.0-rc.1|=4.0.0-rc.10|=4.0.0-rc.11|=4.0.0-rc.12|=4.0.0-rc.13|=4.0.0-rc.14|=4.0.0-rc.15|=4.0.0-rc.16|=4.0.0-rc.17|=4.0.0-rc.18|=4.0.0-rc.19|=4.0.0-rc.2|=4.0.0-rc.20|=4.0.0-rc.21|=4.0.0-rc.22|=4.0.0-rc.23|=4.0.0-rc.24|=4.0.0-rc.25|=4.0.0-rc.26|=4.0.0-rc.27|=4.0.0-rc.28|=4.0.0-rc.29|=4.0.0-rc.3|=4.0.0-rc.31|=4.0.0-rc.32|=4.0.0-rc.33|=4.0.0-rc.34|=4.0.0-rc.35|=4.0.0-rc.37|=4.0.0-rc.39|=4.0.0-rc.4|=4.0.0-rc.40|=4.0.0-rc.41|=4.0.0-rc.42|=4.0.0-rc.43|=4.0.0-rc.44|=4.0.0-rc.5|=4.0.0-rc.6|=4.0.0-rc.7|=4.0.0-rc.8|=4.0.0-rc.9|=4.0.1|=4.1.0|=4.1.10|=4.1.11|=4.1.12|=4.1.13|=4.1.14|=4.1.15|=4.1.16|=4.1.17|=4.1.18|=4.1.19|=4.1.2|=4.1.20|=4.1.21|=4.1.21.1|=4.1.22|=4.1.23|=4.1.3|=4.1.4|=4.1.5|=4.1.6|=4.1.7|=4.1.7.1|=4.1.8|=4.1.9","fixed_version":null,"source":"osv","published_at":"2022-04-12T00:00:34Z","in_kev":false,"epss_prob":0.05034,"epss_percentile":0.89772,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"6.1.2","total_count":253,"recent":["6.1.2","6.1.1","6.1.0","6.0.3","6.0.2","6.0.1","6.0.0","6.0.0-rc.2","6.0.0-rc.1","6.0.0-beta.11","6.0.0-beta.10","6.0.0-beta.9","6.0.0-beta.8","6.0.0-beta.7","6.0.0-beta.6","6.0.0-beta.5","6.0.0-beta.3","6.0.0-beta.2","6.0.0-beta.1","5.2.5"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-04-27T12:31:38+00:00","dependencies_count":86,"dependencies":["php","ext-json","ext-mbstring","ext-pdo","composer-runtime-api","api-platform/core","babdev/pagerfanta-bundle","beberlei/doctrineextensions","bolt/common","bolt/yaml-migrations","cocur/slugify","composer/composer","composer/package-versions-deprecated","doctrine/data-fixtures","doctrine/dbal","doctrine/doctrine-bundle","doctrine/doctrine-fixtures-bundle","doctrine/doctrine-migrations-bundle","doctrine/lexer","doctrine/orm","drupol/composer-packages","embed/embed","erusev/parsedown","erusev/parsedown-extra","fakerphp/faker","illuminate/collections","jasny/twig-extensions","knplabs/knp-menu-bundle","league/glide-symfony","miljar/php-exif","monolog/monolog","nelexa/zip","nelmio/cors-bundle","nesbot/carbon","pagerfanta/doctrine-orm-adapter","php-translation/symfony-bundle","phpdocumentor/reflection-docblock","psr/event-dispatcher","scienta/doctrine-json-functions","siriusphp/upload","squirrelphp/twig-php-syntax","symfony/asset","symfony/cache","symfony/console","symfony/debug-bundle","symfony/dependency-injection","symfony/dotenv","symfony/error-handler","symfony/event-dispatcher","symfony/expression-language","symfony/flex","symfony/form","symfony/framework-bundle","symfony/http-client","symfony/mailer","symfony/mime","symfony/monolog-bridge","symfony/monolog-bundle","symfony/password-hasher","symfony/polyfill-php72","symfony/polyfill-php84","symfony/rate-limiter","symfony/runtime","symfony/security-bundle","symfony/security-csrf","symfony/serializer","symfony/stopwatch","symfony/string","symfony/translation","symfony/twig-bridge","symfony/twig-bundle","symfony/validator","symfony/var-dumper","symfony/var-exporter","symfony/web-profiler-bundle","symfony/webpack-encore-bundle","symfony/yaml","symfonycasts/reset-password-bundle","twig/extra-bundle","twig/html-extra","twig/intl-extra","twig/twig","ua-parser/uap-php","webimpress/safe-writer","webonyx/graphql-php","xemlock/htmlpurifier-html5"]},"github_stats":{"stars":582,"forks":181,"open_issues":40,"is_archived":false,"pushed_at":"2026-04-27T12:31:40Z","subscribers_count":17},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"6.1.2","version_hint":null,"summary":"bolt/core@6.1.2 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":null,"last_release_days_ago":19,"avg_days_between_releases":null,"release_velocity":"active"}}