{"url":"http://public2.vulnerablecode.io/api/packages/250503?format=json","purl":"pkg:npm/ghost@2.16.2","type":"npm","namespace":"","name":"ghost","version":"2.16.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.19.3","latest_non_vulnerable_version":"6.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50641?format=json","vulnerability_id":"VCID-3ccc-5hyx-8bfy","summary":"Ghost Vulnerable to Remote Code Execution via Malicious Themes\nSpecifically crafted malicious themes can execute arbitrary code on the server running Ghost.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0922","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09191","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09162","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09221","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053","reference_id":"CVE-2026-29053","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053"},{"reference_url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74127?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rdn5-yatw-jfcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-29053","GHSA-cgc2-rcrh-qr5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ccc-5hyx-8bfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46996?format=json","vulnerability_id":"VCID-ayht-7ufu-17fa","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nGhost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724","reference_id":"","reference_type":"","scores":[{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97326","published_at":"2026-06-09T12:55:00Z"},{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-06-08T12:55:00Z"},{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97323","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/19646","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/19646"},{"reference_url":"https://rhinosecuritylabs.com/blog","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhinosecuritylabs.com/blog"},{"reference_url":"https://rhinosecuritylabs.com/blog/","reference_id":"blog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://rhinosecuritylabs.com/blog/"},{"reference_url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724"},{"reference_url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm","reference_id":"GHSA-99vc-xw8j-phjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm"}],"fixed_packages":[],"aliases":["CVE-2024-23724","GHSA-99vc-xw8j-phjm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ayht-7ufu-17fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52402?format=json","vulnerability_id":"VCID-bq1f-xtdx-5fe5","summary":"Server-Side Request Forgery (SSRF)\nServer-side request forgery (SSRF) vulnerability in Ghost CMS allows an attacker to scan local or external network or otherwise interact with internal systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8134","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53535","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53505","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53564","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53573","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.5356","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8134"},{"reference_url":"https://hackerone.com/reports/793704","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/793704"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8134","reference_id":"CVE-2020-8134","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8134"},{"reference_url":"https://github.com/advisories/GHSA-q4h8-7qff-gh6c","reference_id":"GHSA-q4h8-7qff-gh6c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4h8-7qff-gh6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76940?format=json","purl":"pkg:npm/ghost@3.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gnc6-cpen-4fd7"},{"vulnerability":"VCID-nz5j-jdbu-2bd2"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-qrjm-axkj-37c4"},{"vulnerability":"VCID-wv6g-5a6k-gfhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@3.10.0"}],"aliases":["CVE-2020-8134","GHSA-q4h8-7qff-gh6c"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1f-xtdx-5fe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46868?format=json","vulnerability_id":"VCID-gdm7-4ufz-kydq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nGhost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29619","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.296","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29688","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29652","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29586","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/17190","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/17190"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"},{"reference_url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725","reference_id":"CVE-2024-23725","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725"},{"reference_url":"https://github.com/advisories/GHSA-fh38-9fgr-454w","reference_id":"GHSA-fh38-9fgr-454w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh38-9fgr-454w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68571?format=json","purl":"pkg:npm/ghost@5.76.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-fjk7-enzv-a7hm"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.76.0"}],"aliases":["CVE-2024-23725","GHSA-fh38-9fgr-454w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdm7-4ufz-kydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45132?format=json","vulnerability_id":"VCID-gnc6-cpen-4fd7","summary":"Ghost vulnerable to information disclosure of private API fields\n### Impact\n\nDue to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.\n\nGhost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added.\n\nSelf-hosters are impacted if running Ghost a version below v5.46.1. Immediate action should be taken to secure your site - see patches and workarounds below.\n\n### Patches\n\nv5.46.1 contains a fix for this issue.\n\n### Workarounds\n\nAdd a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Email us at [security@ghost.org](mailto:security@ghost.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91552","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91556","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91555","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91558","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0717","scoring_system":"epss","scoring_elements":"0.91743","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133"},{"reference_url":"https://github.com/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r97q-ghch-82j9"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65060?format=json","purl":"pkg:npm/ghost@5.46.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-fjk7-enzv-a7hm"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.46.1"}],"aliases":["CVE-2023-31133","GHSA-r97q-ghch-82j9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnc6-cpen-4fd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110813?format=json","vulnerability_id":"VCID-nz5j-jdbu-2bd2","summary":"Ghost vulnerable to remote code execution in locale setting change\n### Impact\n\nA [vulnerability](https://www.cve.org/CVERecord?id=CVE-2022-24785) in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file that has previously been uploaded using the file upload functionality in the post editor.\n\n### Patches\n\nFixed in 5.2.3, all 5.x sites should update as soon as possible.\nFixed in 4.48.2, all 4.x sites should update as soon as possible.\n\n### Workarounds\n\nPatched versions of Ghost add validation to the locale input to prevent execution of arbitrary files. Updating Ghost is the quickest complete solution.\n\nAs a workaround, if for any reason you cannot update your Ghost instance, you can block the `POST /ghost/api/admin/settings/` endpoint, which will also disable updating settings for your site.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Email us at [security@ghost.org](mailto:security@ghost.org)\n\n### Credits\n\n* devx00 - https://twitter.com/devx00","references":[{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-7v28-g2pq-ggg8","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-7v28-g2pq-ggg8"},{"reference_url":"https://github.com/advisories/GHSA-7v28-g2pq-ggg8","reference_id":"GHSA-7v28-g2pq-ggg8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7v28-g2pq-ggg8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149589?format=json","purl":"pkg:npm/ghost@4.48.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gnc6-cpen-4fd7"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-qrjm-axkj-37c4"},{"vulnerability":"VCID-veks-j6ht-hyga"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.48.2"},{"url":"http://public2.vulnerablecode.io/api/packages/149590?format=json","purl":"pkg:npm/ghost@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gnc6-cpen-4fd7"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-qrjm-axkj-37c4"},{"vulnerability":"VCID-veks-j6ht-hyga"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.2.3"}],"aliases":["GHSA-7v28-g2pq-ggg8","GMS-2022-2237"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nz5j-jdbu-2bd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45843?format=json","vulnerability_id":"VCID-q9ty-mpku-13fg","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nGhost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99009","published_at":"2026-06-09T12:55:00Z"},{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.9901","published_at":"2026-06-07T12:55:00Z"},{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99011","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py","reference_id":"CVE-2023-40028","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028","reference_id":"CVE-2023-40028","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028"},{"reference_url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66563?format=json","purl":"pkg:npm/ghost@5.59.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-fjk7-enzv-a7hm"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.59.1"}],"aliases":["CVE-2023-40028","GHSA-9c9v-w225-v5rg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9ty-mpku-13fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45123?format=json","vulnerability_id":"VCID-qrjm-axkj-37c4","summary":"Path Traversal in Ghost\nGhost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"0.94094","scoring_system":"epss","scoring_elements":"0.99911","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f"},{"reference_url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py","reference_id":"CVE-2023-32235","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235","reference_id":"CVE-2023-32235","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235"},{"reference_url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6","reference_id":"GHSA-wf7x-fh6w-34r6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65054?format=json","purl":"pkg:npm/ghost@5.42.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gnc6-cpen-4fd7"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.42.1"}],"aliases":["CVE-2023-32235","GHSA-wf7x-fh6w-34r6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrjm-axkj-37c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41486?format=json","vulnerability_id":"VCID-wv6g-5a6k-gfhp","summary":"Remote command injection when using sendmail email transport\n### Impact\n\nSites using the `sendmail` transport as part of their `mail` config are vulnerable to remote command injection due to a [vulnerability](https://github.com/advisories/GHSA-48ww-j4fc-435p) in the `nodemailer` dependency.\n\nGhost defaults to the `direct` transport so this is only exploitable if the `sendmail` transport is explicitly used.\n\n### Patches\n\nFixed in 4.15.0, all sites should upgrade as soon as possible.\n\n### Workarounds\n\n* Use an alternative email transport as described in the [docs](https://ghost.org/docs/config/#mail). \n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* email us at security@ghost.org","references":[{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c"},{"reference_url":"https://github.com/advisories/GHSA-48ww-j4fc-435p","reference_id":"GHSA-48ww-j4fc-435p","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48ww-j4fc-435p"},{"reference_url":"https://github.com/advisories/GHSA-wfrj-qqc2-83cm","reference_id":"GHSA-wfrj-qqc2-83cm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wfrj-qqc2-83cm"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm","reference_id":"GHSA-wfrj-qqc2-83cm","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59045?format=json","purl":"pkg:npm/ghost@4.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-5rgb-wg1q-7kgz"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gnc6-cpen-4fd7"},{"vulnerability":"VCID-nz5j-jdbu-2bd2"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-qrjm-axkj-37c4"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.15.0"}],"aliases":["GHSA-wfrj-qqc2-83cm","GMS-2021-182"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv6g-5a6k-gfhp"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@2.16.2"}