Search for packages
| purl | pkg:npm/apostrophe@2.63.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5v79-remg-7ub4
Aliases: GHSA-pv6r-vchh-cxg9 GMS-2020-705 |
Denial of Service in apostrophe Versions of `apostrophe` prior to 2.97.1 are vulnerable to Denial of Service. The `apostrophe-jobs` module sets a callback for incoming jobs and doesn't clear it regardless of its status. This causes the server to accumulate callbacks, allowing an attacker to start a large number of jobs and exhaust system memory. ## Recommendation Upgrade to version 2.97.1 or later. |
Affected by 0 other vulnerabilities. |
|
VCID-82j4-a56g-3kbq
Aliases: CVE-2021-25979 GHSA-9j9m-8wjc-ff96 |
Insufficient Session Expiration Apostrophe CMS versions between which allows unauthenticated remote attackers to hijack recently logged-in users' sessions. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-dsd6-hfud-ekfs
Aliases: CVE-2021-25978 GHSA-4r9c-jghc-cx5m |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Apostrophe CMS versions between to are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed. |
Affected by 0 other vulnerabilities. |
|
VCID-pvxq-3qsf-efc5
Aliases: GHSA-h97g-4mx7-5p2p GMS-2020-704 |
Open Redirect in apostrophe Versions of `apostrophe` prior to 2.92.0 are vulnerable to Open Redirect. The package redirected requests to third-party websites if escaped URLs followed by a trailing `/` were appended at the end. ## Recommendation Update to version 2.92.0 or later. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:37:50.294702+00:00 | GitLab Importer | Affected by | VCID-pvxq-3qsf-efc5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/apostrophe/GMS-2020-704.yml | 38.6.0 |
| 2026-06-04T20:36:24.928917+00:00 | GitLab Importer | Affected by | VCID-5v79-remg-7ub4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/apostrophe/GMS-2020-705.yml | 38.6.0 |
| 2026-06-02T04:40:21.918915+00:00 | GitLab Importer | Affected by | VCID-82j4-a56g-3kbq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/apostrophe/CVE-2021-25979.yml | 38.6.0 |
| 2026-06-02T04:40:21.523203+00:00 | GitLab Importer | Affected by | VCID-dsd6-hfud-ekfs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/apostrophe/CVE-2021-25978.yml | 38.6.0 |