Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm ghost Security Advisories
Browse all Security Advisories for npm ghost
Loading...
Moderate
Ecosystems: npm
Packages: @tryghost/portal, ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 months ago
GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D
Ghost's improper authentication allows access to member information and actionsEcosystems: npm
Packages: @tryghost/portal, ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 9 months ago
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issueEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 10 months ago
GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG
Cross-site Scripting in GhostEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 1 year ago
GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk
Ghost vulnerable to arbitrary file read via symlinks in content importEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 1 year ago
High
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS
Path Traversal in GhostEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw
Ghost vulnerable to information disclosure of private API fieldsEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB
ghost vulnerable to unauthorized newsletter modification via improper access controlsEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH
Ghost vulnerable to remote code execution in locale setting changeEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: over 2 years ago
GSA_kwCzR0hTQS1mdmM2LXFqcDctbTRnNM06yw
Arbitrary file upload in GhostEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: over 2 years ago
GSA_kwCzR0hTQS1mZmhxLWc4NTYtOWYycM06-g
Arbitrary file upload in GhostEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 3 years ago
GSA_kwCzR0hTQS02NXA3LXBqajgtZ2dtcs0V-w
Member account takeoverEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 3 years ago
GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g
Remote command injection when using sendmail email transportEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1YzItaG00Ni13cDVj
Privilege escalation: all users can access Admin-level API keysEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 3 years ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aDgtN3FmZi1naDZj
Server-side request forgery in Ghost CMSEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 3 years ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZ3gtcTI1aC1qeHJn
DOM XSS in Theme PreviewEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 3 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2
Ecosystems: 12
Packages: 9,040
Repositories: 2
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
31
directus
26
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
next
18
sequelize
16
tinymce
16
ghost
15
ckeditor4
15
swagger-ui
14
joplin
14
strapi
13
undici
13
angular
13
nodebb
12
vm2
12
marked
11
tinymce/tinymce
11
TinyMCE
11
bootstrap
11
matrix-js-sdk
11
handlebars
11
nocodb
10
flowise
10
twbs/bootstrap
9
bootstrap
9
@evershop/evershop
9
@strapi/strapi
9
next-auth
9
bootstrap
9
serve
9
org.webjars:bootstrap
9
matrix-react-sdk
9
url-parse
8
steal
8
tar
8
editor.md
8
systeminformation
8
npm
8
jquery
8
node-forge
8
org.webjars.npm:jquery
8
jsrsasign
8
jquery-rails
8
matrix-appservice-irc
8
urijs
8
validator
8
express-cart
8
bootstrap-sass
7
lodash
7
bootstrap.sass
7
hermes-engine
7
shescape
7
dompurify
7
uptime-kuma
7
snyk-broker
7
sanitize-html
7
hapi
7
jquery-ui
7
jquery-ui-rails
7
elliptic
7
org.webjars.npm:jquery-ui
7
jQuery
7
jQuery.UI.Combined
7
total.js
7
vite
7
aaptjs
6
bootstrap-sass
6
safe-eval
6
@strapi/plugin-users-permissions
6
parse-url
6
rsshub
6
axios
5
openpgp
5
mysql2
5
ejs
5
rendertron
5
xlsx
5
sweetalert2
5
ws
5
keystone
5
@saltcorn/server
5
yarn
5
prismjs
5
lunary
5
public
5
ua-parser-js
5
total4
5
mermaid
5
lodash-es
5
vditor
5
mongoose
5
mattermost-desktop
5
dojo
5
qs
4
generator-jhipster
4
safer-eval
4
valine
4
auth0-js
4
ecstatic
4
moment
4
simple-markdown
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
aws-iot-device-sdk-v2
4
awsiotsdk
4
fast-xml-parser
4
jsonwebtoken
4
follow-redirects
4
auth0-lock
4
katex
4
meshcentral
4
convert-svg-core
4
express
4
@backstage/plugin-scaffolder-backend
4
simple-git
4
@lobehub/chat
4
apostrophe
4
@keystone-6/core
4
realms-shim
4
muhammara
4
vega
4
hummus
4
mongo-express
4
apollo-server-core
4
engine.io
4
fastify
4
materialize-css
4
glance
4
remarkable
4
hono
4
send
3
yapi-vendor
3
wrangler
3
agnai
3
slpjs
3
dns-sync
3
libxmljs
3
connect
3
org.webjars.npm:xlsx
3
xdLocalStorage
3
@builder.io/qwik
3
llhttp
3
immer
3
ftp-srv
3
nuxt
3
mathjs
3
locutus
3
mixme
3
json-ptr
3
xmldom
3
codecov
3
buttle
3
parsel
3
statics-server
3
slp-validate
3
js-yaml
3
http-live-simulator
3
m-server
3
apollo-server
3
node-jose
3
code-server
3
froala-editor
3
json-pointer
3
browserify-shim
3
socket.io-file
3
mysql
3
keycloak-connect
3
nodemailer
3
@strapi/utils
3
grunt
3
ids-enterprise
3
notevil
3
bin-links
3
subtext
3
@hapi/subtext
3
highcharts
3
docsify
3
openmct
3
@commercial/subtext
3
typeorm
3
ag-grid-community
3
@vrite/sdk
3
@uppy/companion
3
@strapi/plugin-content-manager
3
@soketi/soketi
3
stimulsoft-dashboards-js
3
@janhq/core
3
@jmondi/url-to-png
3
blamer
3
jquery-validation
3
snyk
3
nadesiko3
3
passport-wsfed-saml2
3
express-fileupload
3
node-ipc
3
@cubejs-backend/api-gateway
3
mxgraph
3
node-fetch
3
serialize-to-js
3
Filter by Repository