Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

ghost

npm

The professional publishing platform

View on github.com · View on npmjs.org

Security Advisories for ghost in npm

High
3 months ago

Ghost has incomplete CSRF protections around OTC use GSA_kwCzR0hTQS05bTg0LXdjMjgtdzg5Nc4ABTJg

npm ghost
High
3 months ago

Ghost Vulnerable to Remote Code Execution via Malicious Themes GSA_kwCzR0hTQS1jZ2MyLXJjcmgtcXI1eM4ABTDg

npm ghost
Critical
4 months ago

Ghost has a SQL injection in Content API GSA_kwCzR0hTQS13NTJ2LXY3ODMtZ3c5N84ABSgV

npm ghost
High
4 months ago

Ghost vulnerable to XSS via malicious Portal preview links GSA_kwCzR0hTQS1ndjZxLTJtOTctODgyaM4ABRrD

npm ghost, @tryghost/portal
Moderate
5 months ago

Ghost has SQL Injection in Members Activity Feed GSA_kwCzR0hTQS1nanJwLXhnbWgteDlxcc4ABQ3z

npm ghost
Moderate
5 months ago

Ghost has SSRF via External Media Inliner GSA_kwCzR0hTQS12bWM0LTk4MjgtcjQ4cs4ABQ3y

npm ghost
High
5 months ago

Ghost has Staff Token permission bypass GSA_kwCzR0hTQS05eGc3LW13bXAteG1qeM4ABQ3x

npm ghost
High
5 months ago

Ghost has Staff 2FA bypass GSA_kwCzR0hTQS01ZnA3LWc2NDYtY2NmNM4ABQ3i

npm ghost
Moderate
9 months ago

Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark GSA_kwCzR0hTQS1mN3FnLXhqNDUtdzk1Ns4ABMIm

npm ghost
Moderate
almost 2 years ago

Ghost's improper authentication allows access to member information and actions GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D

npm @tryghost/portal, ghost
Moderate
over 2 years ago

Ghost has possible Cross-site Scripting issue GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7

npm ghost
Moderate
over 2 years ago

Cross-site Scripting in Ghost GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG

npm ghost
Moderate
almost 3 years ago

Ghost vulnerable to arbitrary file read via symlinks in content import GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk

npm ghost
High
about 3 years ago

Path Traversal in Ghost GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS

npm ghost
High
about 3 years ago

Ghost vulnerable to information disclosure of private API fields GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw

npm ghost
High
over 3 years ago

ghost vulnerable to unauthorized newsletter modification via improper access controls GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB

npm ghost
Moderate
almost 4 years ago

Ghost vulnerable to remote code execution in locale setting change GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH

npm ghost
Critical
about 4 years ago

Arbitrary file upload in Ghost GSA_kwCzR0hTQS1mdmM2LXFqcDctbTRnNM06yw

npm ghost
Critical
about 4 years ago

Arbitrary file upload in Ghost GSA_kwCzR0hTQS1mZmhxLWc4NTYtOWYycM06-g

npm ghost
Moderate
over 4 years ago

Member account takeover GSA_kwCzR0hTQS02NXA3LXBqajgtZ2dtcs0V-w

npm ghost
Moderate
over 4 years ago

Remote command injection when using sendmail email transport GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g

npm ghost
Moderate
almost 5 years ago

Privilege escalation: all users can access Admin-level API keys MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1YzItaG00Ni13cDVj

npm ghost
Moderate
about 5 years ago

Server-side request forgery in Ghost CMS MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aDgtN3FmZi1naDZj

npm ghost
Moderate
about 5 years ago

DOM XSS in Theme Preview MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZ3gtcTI1aC1qeHJn

npm ghost

Filter by Severity

Moderate 13 High 8 Critical 3