Security: getgrav/grav
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Grav Server-side Template Injection (SSTI) via Twig Default Filters (GHSA-whr7-m3f8-mpm8), published Jun 14, 2023 by rhukster. Severity: High
- Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability (GHSA-j3v8-v77f-fvgm), published Jun 14, 2023 by rhukster. Severity: High
- Self Cross Site Scripting (XSS) in /forgot_password (GHSA-xcr8-cc2j-62fc), published Jun 14, 2023 by rhukster. Severity: Moderate
- Twig allowing dangerous PHP functions by default (GHSA-g8r4-p96j-xfxc), published Apr 13, 2021 by rhukster. Severity: High
- XSS vulnerability in default security configuration when using Admin plugin to edit pages (GHSA-cvmr-6428-87w9), published Dec 10, 2020 by rhukster. Severity: Moderate