Security: getgrav/grav
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Arbitrary File Read to Account Takeover (GHSA-f8v5-jmfh-pr69), published May 15, 2024 by rhukster. Severity: High
- File Upload Path Traversal (GHSA-m7hx-hw6h-mqmc), published Mar 21, 2024 by rhukster. Severity: High
- Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass (GHSA-c9gp-64c4-2rrh), published Mar 21, 2024 by rhukster. Severity: High
- Server Side Template Injection (SSTI) (GHSA-qfv4-q44r-g7rv), published Mar 21, 2024 by rhukster. Severity: High
- Server Side Template Injection (SSTI) (GHSA-r6vw-8v8r-pmp4), published Mar 21, 2024 by rhukster. Severity: High
- Server Side Template Injection (SSTI) via Twig escape handler (GHSA-2m7x-c7px-hp58), published Mar 21, 2024 by rhukster. Severity: High
- Remote Code Execution by uploading a phar file using frontmatter (GHSA-f6g2-h7qv-3m5v), published Mar 4, 2024 by rhukster. Severity: Critical
- Server-side Template Injection (SSTI) mitigation bypass via incorrect filtering of double backslash (GHSA-9436-3gmp-4f53), published Jul 18, 2023 by rhukster. Severity: High
- Server Side Template Injection (SSTI) (GHSA-f9jf-4cp4-4fq5), published Jun 14, 2023 by rhukster. Severity: Critical
- Grav Server-side Template Injection (SSTI) via Insufficient Validation in filterFilter (GHSA-96xv-rmwj-6p9w), published Jun 14, 2023 by rhukster. Severity: High