VulnerableCode Package Details - pkg:npm/keystone@0.3.21

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/keystone@0.3.21

Essentials
History (4)

purl	pkg:npm/keystone@0.3.21

Next non-vulnerable version	1.0.2
Latest non-vulnerable version	5.5.1
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-2yxf-3ebk-nbeu Aliases: CVE-2017-15879 GHSA-6494-v9fq-fgq2	Improper Input Validation CSV Injection via a value that is mishandled in a CSV export.	4.0.0-beta7 Affected by 0 other vulnerabilities. 4.1.0 Affected by 0 other vulnerabilities.
VCID-m9p7-836k-pqfb Aliases: CVE-2017-15881 GHSA-7cv6-gvx3-m54m	Cross-site Scripting Cross-Site Scripting vulnerability in KeystoneJS allows remote authenticated administrators to inject arbitrary web script or HTML via the `content brief` or `content extended` field.	4.0.0-beta.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0-beta7 Affected by 0 other vulnerabilities. 4.1.0 Affected by 0 other vulnerabilities.
VCID-ndu1-2s48-pucm Aliases: CVE-2017-15878 GHSA-7qcx-jmrc-h2rr	Cross-site Scripting Possible Cross-site scripting via the "Contact Us feature".	4.0.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sw46-5p81-kqhv Aliases: CVE-2017-16570 GHSA-q43c-g2g7-6gxj	Cross-Site Request Forgery (CSRF) KeystoneJS allows application-wide CSRF bypass by removing the CSRF parameter and value.	4.0.0-beta.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:10:09.030883+00:00	GitLab Importer	Affected by	VCID-sw46-5p81-kqhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-16570.yml	38.6.0
2026-06-04T20:10:03.046177+00:00	GitLab Importer	Affected by	VCID-m9p7-836k-pqfb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-15881.yml	38.6.0
2026-06-04T20:09:57.527028+00:00	GitLab Importer	Affected by	VCID-ndu1-2s48-pucm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-15878.yml	38.6.0
2026-06-04T20:09:50.514208+00:00	GitLab Importer	Affected by	VCID-2yxf-3ebk-nbeu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-15879.yml	38.6.0