risk 80/100 · critical exploited in the wild

Packagist · craftcms/cms

62 known advisories.

Risk score: 80/100

Transparent, additive — every input shown:

Worst severity: +40
Worst CVSS: +0
Exploited in the wild: +25
Exploit probability (EPSS): +15

Advisories

CVE-2025-32432 — critical · exploited
CVE-2024-56145 — critical · exploited
CVE-2025-23209 — high · exploited
CVE-2025-35939 — medium · exploited
CVE-2026-28697 — critical
CVE-2024-37843 — critical
CVE-2026-44012 — high
CVE-2026-44011 — high
CVE-2026-44010 — high
CVE-2026-33157 — high
CVE-2026-32267 — high
CVE-2026-32264 — high
CVE-2026-32263 — high
CVE-2026-31857 — high
CVE-2026-31858 — high
CVE-2026-29069 — high
CVE-2026-28696 — high
CVE-2026-27127 — high
CVE-2026-25498 — high
CVE-2026-25497 — high
CVE-2026-25495 — high
CVE-2025-68455 — high
CVE-2025-68456 — high
CVE-2025-46731 — high
CVE-2024-52293 — high
CVE-2024-52292 — high
CVE-2024-52291 — high
CVE-2026-41130 — medium
CVE-2026-41129 — medium
CVE-2026-41128 — medium
CVE-2026-33162 — medium
CVE-2026-33159 — medium
CVE-2026-33158 — medium
CVE-2026-33051 — medium
CVE-2026-32262 — medium
CVE-2026-31859 — medium
CVE-2026-28784 — medium
CVE-2026-28782 — medium
CVE-2026-28783 — medium
CVE-2026-28781 — medium
CVE-2026-28695 — medium
CVE-2026-27129 — medium
CVE-2026-27128 — medium
CVE-2026-27126 — medium
CVE-2026-25496 — medium
CVE-2026-25494 — medium
CVE-2026-25493 — medium
CVE-2025-68454 — medium
CVE-2025-68437 — medium
CVE-2025-68436 — medium

Stateward checks every dependency on every pull request and flags craftcms/cms only if your code actually reaches the vulnerable path.

Scan my repo

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.