Grav

Category - CMS

Grav is a free software, self-hosted content management system written in the PHP programming language.



We have discovered  9,810 live websites   that are using Grav.

Download Lead List
Download a sample report


Technology usage statistics

Websites using Grav9,810 websites
Most popular in the country Germany
Market position in CMS#92
Market share in CMS<0.1%
Most popular version1

Security vulnerabilites


PublishedCVETitleDomains
Jan, 2025CVE-2024-35498A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web...14
May, 2024CVE-2024-34082Grav Arbitrary File Read to Account Takeover14
Mar, 2024CVE-2024-27921Grav File Upload Path Traversal vulnerability14
Mar, 2024CVE-2024-28116Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass14
Mar, 2024CVE-2024-28117Grav vulnerable to Server Side Template Injection (SSTI)14
Mar, 2024CVE-2024-28118Grav vulnerable to Server Side Template Injection (SSTI)14
Mar, 2024CVE-2024-28119Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler14
Mar, 2024CVE-2024-27923Remote Code Execution by uploading a phar file using frontmatter14
Jul, 2023CVE-2023-37897Server-side Template Injection (SSTI) in grav14
Jun, 2023CVE-2023-34251Grav Server Side Template Injection vulnerability14
Jun, 2023CVE-2023-34252Grav Server-side Template Injection via Insufficient Validation in filterFilter14
Jun, 2023CVE-2023-34253Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass14
Jun, 2023CVE-2023-34448Grav Server-side Template Injection (SSTI) via Twig Default Filters14
Jun, 2023CVE-2023-34452Grav vulnerable to Self Cross Site Scripting in /forgot_password14
Jun, 2022CVE-2022-2073 Code Injection in getgrav/grav14
Apr, 2022CVE-2022-1173stored xss in getgrav/grav14
Mar, 2022CVE-2022-0970Cross-site Scripting (XSS) - Stored in getgrav/grav14
Mar, 2022CVE-2022-0743Cross-site Scripting (XSS) - Stored in getgrav/grav14
Jan, 2022CVE-2022-0268Cross-site Scripting (XSS) - Stored in getgrav/grav14
Nov, 2021CVE-2021-3924Path Traversal in getgrav/grav14
Oct, 2021CVE-2021-3904Cross-site Scripting (XSS) - Stored in getgrav/grav14
Sep, 2021CVE-2021-3818Reliance on Cookies without Validation and Integrity Checking in getgrav/grav14
Apr, 2021CVE-2021-29439Plugins can be installed with minimal admin privileges14
Apr, 2021CVE-2021-29440Twig allowing dangerous PHP functions by default14
Mar, 2021CVE-2020-29553The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tric...14
Mar, 2021CVE-2020-29555The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to d...14
Mar, 2021CVE-2020-29556The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read ar...14
Apr, 2020CVE-2020-11529Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still...14
Sep, 2019CVE-2019-16126Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.14
Mar, 2018CVE-2018-5233Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before ...14

Technology adoption

Recent changes in Grav usage.
Websites that added Grav 280
Websites that dropped Grav 240

Available Reports


Technology Information


Major Versions

  • 1.xx (1 subversions, 6 domains)
  • 0.xx (4 subversions, 8 domains)

Grav usage by Country

United States2,529 websites



Germany2,919 websites
France987 websites
Switzerland535 websites
Netherlands260 websites
Czech Republic222 websites
Russia194 websites
Poland194 websites
GB192 websites
Italy164 websites

Grav usage by TLD

.com2,752 websites
.de1,919 websites
.org549 websites
.ch442 websites
.fr414 websites
.net398 websites
.nl262 websites
.eu195 websites
.cz190 websites
.it172 websites

Grav Versions

sorted by popularity
16 websites
0.9.374 websites
0.9.432 websites
0.9.341 websites
0.9.451 websites

See all Grav versions ...

Websites utilizing Grav

Top websites that use Grav
DomainCountryRankContacts
tpay.com United States5,714
e-junkie.com United States6,706
getgrav.org United States6,929
flowplayer.com United States18,640
gantry.org United States20,064
design-research.be Belgium21,412
See full domain list

Alternative Technologies


WordPress: Total 14,949,460 domains found using WordPress
Wix: Total 2,103,569 domains found using Wix
Squarespace: Total 1,318,606 domains found using Squarespace
Joomla: Total 910,540 domains found using Joomla
GoDaddy Website Builder: Total 419,394 domains found using GoDaddy Website Builder
Duda: Total 383,064 domains found using Duda
Weebly: Total 362,559 domains found using Weebly
Tumblr: Total 339,960 domains found using Tumblr
Optimizely: Total 332,835 domains found using Optimizely
Drupal: Total 332,365 domains found using Drupal

FAQ

Grav is CMS.
WebTechSurvey continually and systematically explores the internet, indexing technologies employed by websites, including Grav. Our clients can obtain listings of websites utilizing Grav through WebTechSurvey's platform.
There are 9,810 live websites that currently use Grav.
Grav has <0.1% market share in CMS.
The primary competing technologies to Grav are WordPress, Wix, Squarespace, and Joomla.
Grav contains multiple known security vulnerabilities, including CVE-2024-35498, CVE-2024-34082, CVE-2024-27921, and CVE-2024-28116.