Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-13827
CVE-2025-13827
Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution.
Published Dec 3, 2025
https://github.com/advisories/GHSA-5xw2-57jx-pgjp
CVSS Score
High
8.8
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
composer
mautic/grapes-js-builder-bundle
4.0.0
composer
mautic/grapes-js-builder-bundle
4.0.1
composer
mautic/grapes-js-builder-bundle
4.0.2
composer
mautic/grapes-js-builder-bundle
4.1.1
composer
mautic/grapes-js-builder-bundle
4.1.2
composer
mautic/grapes-js-builder-bundle
4.1
composer
mautic/grapes-js-builder-bundle
4.2.0-rc1
composer
mautic/grapes-js-builder-bundle
4.2.0-rc
composer
mautic/grapes-js-builder-bundle
4.2.0
composer
mautic/grapes-js-builder-bundle
4.2.1
composer
mautic/grapes-js-builder-bundle
4.2.2
composer
mautic/grapes-js-builder-bundle
4.3.0-beta
composer
mautic/grapes-js-builder-bundle
4.3.0-rc
composer
mautic/grapes-js-builder-bundle
4.3.0
composer
mautic/grapes-js-builder-bundle
4.3.1
composer
mautic/grapes-js-builder-bundle
4.4.0-beta
composer
mautic/grapes-js-builder-bundle
4.4.0
composer
mautic/grapes-js-builder-bundle
4.4.10
composer
mautic/grapes-js-builder-bundle
4.4.11
composer
mautic/grapes-js-builder-bundle
4.4.12
composer
mautic/grapes-js-builder-bundle
4.4.13
composer
mautic/grapes-js-builder-bundle
4.4.1
composer
mautic/grapes-js-builder-bundle
4.4.2
composer
mautic/grapes-js-builder-bundle
4.4.3
composer
mautic/grapes-js-builder-bundle
4.4.4
composer
mautic/grapes-js-builder-bundle
4.4.5
composer
mautic/grapes-js-builder-bundle
4.4.6
composer
mautic/grapes-js-builder-bundle
4.4.7
composer
mautic/grapes-js-builder-bundle
4.4.8
composer
mautic/grapes-js-builder-bundle
4.4.9
composer
mautic/grapes-js-builder-bundle
5.0.0-rc2
composer
mautic/grapes-js-builder-bundle
5.0.0
composer
mautic/grapes-js-builder-bundle
5.0.1
composer
mautic/grapes-js-builder-bundle
5.0.2
composer
mautic/grapes-js-builder-bundle
5.0.3
composer
mautic/grapes-js-builder-bundle
5.0.4
composer
mautic/grapes-js-builder-bundle
5.1.0
composer
mautic/grapes-js-builder-bundle
5.1.1
composer
mautic/grapes-js-builder-bundle
5.2.0
composer
mautic/grapes-js-builder-bundle
5.2.1
composer
mautic/grapes-js-builder-bundle
5.2.2
composer
mautic/grapes-js-builder-bundle
5.2.3
composer
mautic/grapes-js-builder-bundle
5.2.4
composer
mautic/grapes-js-builder-bundle
5.2.5
composer
mautic/grapes-js-builder-bundle
5.2.6
composer
mautic/grapes-js-builder-bundle
5.2.7
composer
mautic/grapes-js-builder-bundle
5.2.8
composer
mautic/grapes-js-builder-bundle
6.0.0
composer
mautic/grapes-js-builder-bundle
6.0.1
composer
mautic/grapes-js-builder-bundle
6.0.2
1-50 of 54
CVE-2025-13827 | Components Impacted | Sonatype Guide | Sonatype Guide
