ghost Security Advisories - Npm | Ecosyste.ms: Advisories

ghost

npm · The professional publishing platform · Repository · Package

Security Advisories for ghost in npm

Moderate

17 days ago

Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark GSA_kwCzR0hTQS1mN3FnLXhqNDUtdzk1Ns4ABMIm

npm ghost

Moderate

about 1 year ago

Ghost's improper authentication allows access to member information and actions GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D

npm @tryghost/portal, ghost

Moderate

over 1 year ago

Ghost has possible Cross-site Scripting issue GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7

npm ghost

Moderate

over 1 year ago

Cross-site Scripting in Ghost GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG

npm ghost

Moderate

about 2 years ago

Ghost vulnerable to arbitrary file read via symlinks in content import GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk

npm ghost

High

over 2 years ago

Path Traversal in Ghost GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS

npm ghost

High

over 2 years ago

Ghost vulnerable to information disclosure of private API fields GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw

npm ghost

High

almost 3 years ago

ghost vulnerable to unauthorized newsletter modification via improper access controls GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB

npm ghost

Moderate

over 3 years ago

Ghost vulnerable to remote code execution in locale setting change GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH

npm ghost

Critical

over 3 years ago

Arbitrary file upload in Ghost GSA_kwCzR0hTQS1mdmM2LXFqcDctbTRnNM06yw

npm ghost

Critical

over 3 years ago

Arbitrary file upload in Ghost GSA_kwCzR0hTQS1mZmhxLWc4NTYtOWYycM06-g

npm ghost

Moderate

about 4 years ago

Member account takeover GSA_kwCzR0hTQS02NXA3LXBqajgtZ2dtcs0V-w

npm ghost

Moderate

about 4 years ago

Remote command injection when using sendmail email transport GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g

npm ghost

Moderate

about 4 years ago

Privilege escalation: all users can access Admin-level API keys MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1YzItaG00Ni13cDVj

npm ghost

Moderate

over 4 years ago

Server-side request forgery in Ghost CMS MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aDgtN3FmZi1naDZj

npm ghost

Moderate

over 4 years ago

DOM XSS in Theme Preview MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZ3gtcTI1aC1qeHJn

npm ghost

Filter by Severity

Moderate 11 High 3 Critical 2

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

ghost

Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark GSA_kwCzR0hTQS1mN3FnLXhqNDUtdzk1Ns4ABMIm

Ghost's improper authentication allows access to member information and actions GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D

Ghost has possible Cross-site Scripting issue GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7

Cross-site Scripting in Ghost GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG

Ghost vulnerable to arbitrary file read via symlinks in content import GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk

Path Traversal in Ghost GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS

Ghost vulnerable to information disclosure of private API fields GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw

ghost vulnerable to unauthorized newsletter modification via improper access controls GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB

Ghost vulnerable to remote code execution in locale setting change GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH

Arbitrary file upload in Ghost GSA_kwCzR0hTQS1mdmM2LXFqcDctbTRnNM06yw

Arbitrary file upload in Ghost GSA_kwCzR0hTQS1mZmhxLWc4NTYtOWYycM06-g

Member account takeover GSA_kwCzR0hTQS02NXA3LXBqajgtZ2dtcs0V-w

Remote command injection when using sendmail email transport GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g

Privilege escalation: all users can access Admin-level API keys MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1YzItaG00Ni13cDVj

Server-side request forgery in Ghost CMS MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aDgtN3FmZi1naDZj

DOM XSS in Theme Preview MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZ3gtcTI1aC1qeHJn

Filter by Severity