getgrav/grav

composer · v1.7.52

Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS

320 versions · 50 deps

Health: 48 / 100 (update required)

getgrav/grav@1.7.52 has vulnerabilities; update to latest

Update to >= 1.8.0-beta.27 to fix known vulnerabilities

  • 9 high severity vulnerabilities

Health breakdown (0 – 100)

  • maintenance: 25/25
  • popularity: 0/20
  • security: 0/25
  • maturity: 15/15
  • community: 8/15

Vulnerabilities: 19 (9 high, 10 medium)

Advisories (19)

| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| medium | CVE-2025-66306 | Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel | 1.8.0-beta.27 |
| medium | CVE-2025-66309 | Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab | 1.8.0-beta.27 |
| high | CVE-2025-66294 | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass | 1.8.0-beta.27 |
| medium | CVE-2025-66310 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab | 1.8.0-beta.27 |
| high | CVE-2025-66298 | Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms | 1.8.0-beta.27 |
| high | CVE-2025-66297 | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection | 1.8.0-beta.27 |
| high | CVE-2025-66296 | Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover | 1.8.0-beta.27 |
| high | CVE-2025-66299 | Grav is Vulnerable to Security Sandbox Bypass with SSTI (Server Side Template Injection) | 1.8.0-beta.27 |
| medium | CVE-2025-66304 | Grav Exposes Password Hashes Leading to privilege escalation | 1.8.0-beta.27 |
| medium | CVE-2025-66308 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` | 1.8.0-beta.27 |
| high | CVE-2025-66295 | Grav vulnerable to Path traversal / arbitrary YAML write via user creation leading to Account Takeover / System Corruption | 1.8.0-beta.27 |
| medium | CVE-2025-66302 | Grav vulnerable to Path Traversal allowing server files backup | 1.8.0-beta.27 |
| high | CVE-2025-66305 | Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter | 1.8.0-beta.27 |
| medium | CVE-2025-66311 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters | 1.11.0-beta.1 |
| high | CVE-2025-66300 | Grav is vulnerable to Arbitrary File Read | 1.8.0-beta.27 |
| medium | CVE-2025-66307 | Grav Admin Plugin vulnerable to User Enumeration & Email Disclosure | 1.8.0-beta.27 |
| medium | CVE-2025-66312 | Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]` | 1.8.0-beta.27 |
| high | CVE-2025-66301 | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions | 1.8.0-beta.27 |
| medium | CVE-2025-66303 | Grav is vulnerable to a DOS on the admin panel | 1.8.0-beta.27 |

Dependencies (50)
php, ext-json, ext-openssl, ext-curl, ext-zip, ext-dom, ext-libxml, ext-gd, symfony/polyfill-mbstring, symfony/polyfill-iconv, symfony/polyfill-php74, symfony/polyfill-php80, symfony/polyfill-php81, psr/simple-cache, psr/http-message, psr/http-server-middleware, psr/container, nyholm/psr7-server, nyholm/psr7, twig/twig, erusev/parsedown, erusev/parsedown-extra, symfony/contracts, symfony/yaml, symfony/console, symfony/event-dispatcher, symfony/var-dumper, symfony/process, doctrine/cache, doctrine/collections, guzzlehttp/psr7, filp/whoops, matthiasmullie/minify, monolog/monolog, getgrav/image, getgrav/cache, donatj/phpuseragentparser, pimple/pimple, rockettheme/toolbox, maximebf/debugbar, league/climate, miljar/php-exif, composer/ca-bundle, dragonmantank/cron-expression, willdurand/negotiation, itsgoingd/clockwork, symfony/http-client, composer/semver, rhukster/dom-sanitizer, multiavatar/multiavatar-php

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/composer/getgrav/grav

Last updated · 2026-04-29T17:47:42+00:00

© 2026 Cuttalo srl, Italy · VAT IT03242390734