Security
Headlines

Headlines Latest CVEs

Headline

GHSA-729w-j79f-2c34: Grav may be vulnerable to SSRF attack via Twig Templates

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered.

8 days ago

#git #intel #php #ssrf

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-66844

Grav may be vulnerable to SSRF attack via Twig Templates

Critical severity GitHub Reviewed Published Dec 15, 2025 to the GitHub Advisory Database • Updated Dec 17, 2025

Package

Affected versions

<= 1.7.49.5

Description

Published to the GitHub Advisory Database

Dec 15, 2025

Last updated

Dec 17, 2025

ghsa: Latest News

GHSA-r399-636x-v7f6: LangChain serialization injection vulnerability enables secret extraction

5 hours ago

GHSA-hm5p-x4rq-38w4: httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage

5 hours ago

GHSA-c67j-w6g6-q2cm: LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

6 hours ago

GHSA-pp3g-xmm4-5cw9: Home Assistant Core before is vulnerable to Directory Traversal

6 hours ago

GHSA-qx44-p258-3c2v: Cadmium CMS has a background arbitrary file upload vulnerability

6 hours ago