Is getgrav/grav safe to use?

getgrav/grav has 19 known vulnerabilities on the latest version (1.7.52). DepScope rates its health at 48/100 (high risk).

What is the latest version of getgrav/grav?

The latest version of getgrav/grav is 1.7.52, released 2026-04-29.

Yes. getgrav/grav has 19 known vulnerabilities. See depscope.dev/pkg/composer/getgrav/grav for details.

No, getgrav/grav is actively maintained. Latest release: 1.7.52 (2026-04-29).

DepScope has no curated alternatives for getgrav/grav at this time.

License information for getgrav/grav is not declared in the registry metadata.

composerv1.7.52

Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS

320 versions50 deps

/ 100

Health

update required

getgrav/[email protected] has vulnerabilities — update to latest

Update to >= 1.8.0-beta.27 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

0/25

security

15/15

maturity

8/15

community

Vulnerabilities

9 high10 medium

Advisories (19)

Severity	ID	Summary	Fixed in
medium	CVE-2025-66306	Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel	1.8.0-beta.27
medium	CVE-2025-66309	Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab	1.8.0-beta.27
high	CVE-2025-66294	Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass

Dependencies (50)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/composer/getgrav/grav

Last updated · 2026-04-29T17:47:42+00:00