Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@keystone-6/core

npm

Keystone-6 is the latest version of Keystone. To get help with this package join the conversation in [Slack](https://community.keystonejs.com/), or [Github](https://github.com/keystonejs/keystone/).

View on github.com · View on npmjs.org

Security Advisories for @keystone-6/core in npm

Low
6 months ago

Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields GSA_kwCzR0hTQS1oZzltLTY3bW0tN3BnM84ABHej

npm @keystone-6/core
Moderate
about 2 years ago

When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible GSA_kwCzR0hTQS05Y3ZjLXY3d20tOTkyY84AA1Uh

npm @keystone-6/core
Low
over 2 years ago

@keystone-6/core's bundled cuid package known to be insecure GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU

npm @keystone-6/core
Critical
almost 3 years ago

@keystone-6/core's NODE_ENV defaults to development with esbuild GSA_kwCzR0hTQS0yNW14LTJteG0tNjM0M84AAvsH

npm @keystone-6/core
Critical
about 3 years ago

Field-level access-control bypass for multiselect field GSA_kwCzR0hTQS02bWhyLTUybXYtNnY2Zs4AAvaQ

npm @keystone-6/core

Filter by Severity

Low 2 Critical 2 Moderate 1