VulnerableCode Package Details - pkg:npm/keystone@4.0.0-beta.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/keystone@4.0.0-beta.6

purl	pkg:npm/keystone@4.0.0-beta.6
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-sw46-5p81-kqhv Aliases: CVE-2017-16570 GHSA-q43c-g2g7-6gxj	Cross-Site Request Forgery (CSRF) KeystoneJS allows application-wide CSRF bypass by removing the CSRF parameter and value.	4.0.0-beta.7 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 4.0.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-sw46-5p81-kqhv
Aliases:
CVE-2017-16570
GHSA-q43c-g2g7-6gxj

Cross-Site Request Forgery (CSRF) KeystoneJS allows application-wide CSRF bypass by removing the CSRF parameter and value.

4.0.0-beta.7
Affected by 5 other vulnerabilities.

4.0.0
Affected by 3 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:05:09.601915+00:00	GHSA Importer	Affected by	VCID-sw46-5p81-kqhv	https://github.com/advisories/GHSA-q43c-g2g7-6gxj	38.6.0