{"url":"http://public2.vulnerablecode.io/api/packages/28086?format=json","purl":"pkg:npm/ghost@5.22.7","type":"npm","namespace":"","name":"ghost","version":"5.22.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.19.3","latest_non_vulnerable_version":"6.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/143294?format=json","vulnerability_id":"VCID-322u-tcye-huf9","summary":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"0.94094","scoring_system":"epss","scoring_elements":"0.99911","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f","reference_id":"378dd913aa8d0fd0da29b0ffced8884579598b0f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py","reference_id":"CVE-2023-32235","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py"},{"reference_url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6","reference_id":"GHSA-wf7x-fh6w-34r6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6"},{"reference_url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1","reference_id":"v5.42.0...v5.42.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381977?format=json","purl":"pkg:npm/ghost@5.42.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-kv7x-8p66-tqf3"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.42.1"}],"aliases":["CVE-2023-32235","GHSA-wf7x-fh6w-34r6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-322u-tcye-huf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31621?format=json","vulnerability_id":"VCID-3u5f-347g-a7cz","summary":"Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43409","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64364","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64368","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64252","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43409"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43409","reference_id":"CVE-2024-43409","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43409"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db","reference_id":"dac25612520b571f58679764ecc27109e641d1db","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db"},{"reference_url":"https://github.com/advisories/GHSA-78x2-cwp9-5j42","reference_id":"GHSA-78x2-cwp9-5j42","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-78x2-cwp9-5j42"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42","reference_id":"GHSA-78x2-cwp9-5j42","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33053?format=json","purl":"pkg:npm/ghost@5.89.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-f173-31n6-73fu"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.89.5"}],"aliases":["CVE-2024-43409","GHSA-78x2-cwp9-5j42"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3u5f-347g-a7cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33369?format=json","vulnerability_id":"VCID-744d-rhkz-87fp","summary":"Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724","reference_id":"","reference_type":"","scores":[{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-06-13T12:55:00Z"},{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97345","published_at":"2026-06-14T12:55:00Z"},{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97335","published_at":"2026-06-11T12:55:00Z"},{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97342","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724"},{"reference_url":"https://rhinosecuritylabs.com/blog","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhinosecuritylabs.com/blog"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/19646","reference_id":"19646","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/19646"},{"reference_url":"https://rhinosecuritylabs.com/blog/","reference_id":"blog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://rhinosecuritylabs.com/blog/"},{"reference_url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724"},{"reference_url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm","reference_id":"GHSA-99vc-xw8j-phjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm"}],"fixed_packages":[],"aliases":["CVE-2024-23724","GHSA-99vc-xw8j-phjm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-744d-rhkz-87fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150484?format=json","vulnerability_id":"VCID-c6w8-e895-yffy","summary":"Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99012","published_at":"2026-06-11T12:55:00Z"},{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99017","published_at":"2026-06-14T12:55:00Z"},{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99016","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205","reference_id":"690fbf3f7302ff3f77159c0795928bdd20f41205","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py","reference_id":"CVE-2023-40028","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py"},{"reference_url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380666?format=json","purl":"pkg:npm/ghost@5.59.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-f173-31n6-73fu"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.59.1"}],"aliases":["CVE-2023-40028","GHSA-9c9v-w225-v5rg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6w8-e895-yffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70890?format=json","vulnerability_id":"VCID-cv37-vmbh-hbge","summary":"Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26980","reference_id":"","reference_type":"","scores":[{"value":"0.56657","scoring_system":"epss","scoring_elements":"0.98173","published_at":"2026-06-13T12:55:00Z"},{"value":"0.56657","scoring_system":"epss","scoring_elements":"0.98174","published_at":"2026-06-14T12:55:00Z"},{"value":"0.56657","scoring_system":"epss","scoring_elements":"0.98172","published_at":"2026-06-12T12:55:00Z"},{"value":"0.56657","scoring_system":"epss","scoring_elements":"0.98166","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26980"},{"reference_url":"https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91","reference_id":"30868d632b2252b638bc8a4c8ebf73964592ed91","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt","reference_id":"CVE-2026-26980","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26980","reference_id":"CVE-2026-26980","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26980"},{"reference_url":"https://github.com/advisories/GHSA-w52v-v783-gw97","reference_id":"GHSA-w52v-v783-gw97","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w52v-v783-gw97"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97","reference_id":"GHSA-w52v-v783-gw97","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v6.19.1","reference_id":"v6.19.1","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v6.19.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39368?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4chn-jutc-fue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-26980","GHSA-w52v-v783-gw97"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cv37-vmbh-hbge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137141?format=json","vulnerability_id":"VCID-kv7x-8p66-tqf3","summary":"Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.\n\nGhost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"0.0717","scoring_system":"epss","scoring_elements":"0.91801","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0717","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0717","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0717","scoring_system":"epss","scoring_elements":"0.91793","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90","reference_id":"b3caf16005289cc9909488391b4a26f3f4a66a90","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90"},{"reference_url":"https://github.com/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r97q-ghch-82j9"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1","reference_id":"v5.46.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382079?format=json","purl":"pkg:npm/ghost@5.46.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-f173-31n6-73fu"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.46.1"}],"aliases":["CVE-2023-31133","GHSA-r97q-ghch-82j9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kv7x-8p66-tqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74005?format=json","vulnerability_id":"VCID-uv9z-tvr6-7ugm","summary":"Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09327","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09318","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09328","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09276","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053","reference_id":"CVE-2026-29053","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053"},{"reference_url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39368?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4chn-jutc-fue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-29053","GHSA-cgc2-rcrh-qr5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uv9z-tvr6-7ugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33647?format=json","vulnerability_id":"VCID-v17s-qgdp-cyan","summary":"Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29831","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29833","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29848","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29634","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725"},{"reference_url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/17190","reference_id":"17190","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/17190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725","reference_id":"CVE-2024-23725","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725"},{"reference_url":"https://github.com/advisories/GHSA-fh38-9fgr-454w","reference_id":"GHSA-fh38-9fgr-454w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh38-9fgr-454w"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0","reference_id":"v5.76.0","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28506?format=json","purl":"pkg:npm/ghost@5.76.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-f173-31n6-73fu"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.76.0"}],"aliases":["CVE-2024-23725","GHSA-fh38-9fgr-454w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v17s-qgdp-cyan"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172448?format=json","vulnerability_id":"VCID-wq3c-84ce-c3hz","summary":"An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41654","reference_id":"","reference_type":"","scores":[{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53537","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53539","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.5341","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00297","scoring_system":"epss","scoring_elements":"0.53552","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41654"},{"reference_url":"https://forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41654","reference_id":"CVE-2022-41654","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41654"},{"reference_url":"https://github.com/advisories/GHSA-9gh8-wp53-ccc6","reference_id":"GHSA-9gh8-wp53-ccc6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gh8-wp53-ccc6"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6","reference_id":"GHSA-9gh8-wp53-ccc6","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T18:08:07Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624","reference_id":"TALOS-2022-1624","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T18:08:07Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28088?format=json","purl":"pkg:npm/ghost@4.48.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322u-tcye-huf9"},{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-kv7x-8p66-tqf3"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.48.8"},{"url":"http://public2.vulnerablecode.io/api/packages/28086?format=json","purl":"pkg:npm/ghost@5.22.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322u-tcye-huf9"},{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-kv7x-8p66-tqf3"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.22.7"}],"aliases":["CVE-2022-41654","GHSA-9gh8-wp53-ccc6","GMS-2022-7409"],"risk_score":4.3,"exploitability":"0.5","weighted_severity":"8.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wq3c-84ce-c3hz"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.22.7"}