Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/ghost@5.130.6
Typenpm
Namespace
Nameghost
Version5.130.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.19.3
Latest_non_vulnerable_version6.19.3
Affected_by_vulnerabilities
0
url VCID-4chn-jutc-fue2
vulnerability_id VCID-4chn-jutc-fue2
summary Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29784
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07583
published_at 2026-06-14T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07597
published_at 2026-06-12T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.0756
published_at 2026-06-11T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07592
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29784
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29784
reference_id CVE-2026-29784
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29784
2
reference_url https://github.com/TryGhost/Ghost/commit/ec065a774fa125953d2aa644a59cd8990329e0a0
reference_id ec065a774fa125953d2aa644a59cd8990329e0a0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T17:39:47Z/
url https://github.com/TryGhost/Ghost/commit/ec065a774fa125953d2aa644a59cd8990329e0a0
3
reference_url https://github.com/advisories/GHSA-9m84-wc28-w895
reference_id GHSA-9m84-wc28-w895
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9m84-wc28-w895
4
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-9m84-wc28-w895
reference_id GHSA-9m84-wc28-w895
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T17:39:47Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-9m84-wc28-w895
fixed_packages
0
url pkg:npm/ghost@6.19.3
purl pkg:npm/ghost@6.19.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.3
aliases CVE-2026-29784, GHSA-9m84-wc28-w895
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4chn-jutc-fue2
1
url VCID-cv37-vmbh-hbge
vulnerability_id VCID-cv37-vmbh-hbge
summary Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26980
reference_id
reference_type
scores
0
value 0.56657
scoring_system epss
scoring_elements 0.98173
published_at 2026-06-13T12:55:00Z
1
value 0.56657
scoring_system epss
scoring_elements 0.98174
published_at 2026-06-14T12:55:00Z
2
value 0.56657
scoring_system epss
scoring_elements 0.98172
published_at 2026-06-12T12:55:00Z
3
value 0.56657
scoring_system epss
scoring_elements 0.98166
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26980
1
reference_url https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980
2
reference_url https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91
reference_id 30868d632b2252b638bc8a4c8ebf73964592ed91
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt
reference_id CVE-2026-26980
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26980
reference_id CVE-2026-26980
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26980
5
reference_url https://github.com/advisories/GHSA-w52v-v783-gw97
reference_id GHSA-w52v-v783-gw97
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w52v-v783-gw97
6
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97
reference_id GHSA-w52v-v783-gw97
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97
7
reference_url https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
reference_id v6.19.1
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
fixed_packages
0
url pkg:npm/ghost@6.19.1
purl pkg:npm/ghost@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1
aliases CVE-2026-26980, GHSA-w52v-v783-gw97
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv37-vmbh-hbge
2
url VCID-uv9z-tvr6-7ugm
vulnerability_id VCID-uv9z-tvr6-7ugm
summary Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29053
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09327
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09318
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09328
published_at 2026-06-13T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09276
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29053
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29053
reference_id CVE-2026-29053
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29053
2
reference_url https://github.com/advisories/GHSA-cgc2-rcrh-qr5x
reference_id GHSA-cgc2-rcrh-qr5x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgc2-rcrh-qr5x
3
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
reference_id GHSA-cgc2-rcrh-qr5x
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
fixed_packages
0
url pkg:npm/ghost@6.19.1
purl pkg:npm/ghost@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1
aliases CVE-2026-29053, GHSA-cgc2-rcrh-qr5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uv9z-tvr6-7ugm
Fixing_vulnerabilities
0
url VCID-dqj6-6jfr-37ca
vulnerability_id VCID-dqj6-6jfr-37ca
summary Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22597
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10202
published_at 2026-06-14T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10216
published_at 2026-06-13T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10211
published_at 2026-06-12T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10164
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22597
1
reference_url https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
reference_id 15d49131ff4aac3aca8642501c793f01f2bfcbb9
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T15:33:44Z/
url https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9
2
reference_url https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
reference_id 93add549ccf079d8e28bdb724fbb71a76942ff51
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T15:33:44Z/
url https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22597
reference_id CVE-2026-22597
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22597
4
reference_url https://github.com/advisories/GHSA-vmc4-9828-r48r
reference_id GHSA-vmc4-9828-r48r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vmc4-9828-r48r
5
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
reference_id GHSA-vmc4-9828-r48r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T15:33:44Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r
fixed_packages
0
url pkg:npm/ghost@5.130.6
purl pkg:npm/ghost@5.130.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.130.6
1
url pkg:npm/ghost@6.0.0-alpha.1
purl pkg:npm/ghost@6.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.0.0-alpha.1
2
url pkg:npm/ghost@6.11.0
purl pkg:npm/ghost@6.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-f173-31n6-73fu
3
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.11.0
aliases CVE-2026-22597, GHSA-vmc4-9828-r48r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqj6-6jfr-37ca
1
url VCID-k4ww-t1ck-jkcr
vulnerability_id VCID-k4ww-t1ck-jkcr
summary Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22596
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16437
published_at 2026-06-14T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.16465
published_at 2026-06-13T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.16453
published_at 2026-06-12T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.1631
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22596
1
reference_url https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955
reference_id cda236e455a7a30e828b6cba3c430e5796ded955
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:37:34Z/
url https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22596
reference_id CVE-2026-22596
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22596
3
reference_url https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391
reference_id f2165f968bcdaae0e35590b38fa280ab03239391
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:37:34Z/
url https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391
4
reference_url https://github.com/advisories/GHSA-gjrp-xgmh-x9qq
reference_id GHSA-gjrp-xgmh-x9qq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjrp-xgmh-x9qq
5
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq
reference_id GHSA-gjrp-xgmh-x9qq
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:37:34Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq
fixed_packages
0
url pkg:npm/ghost@5.130.6
purl pkg:npm/ghost@5.130.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.130.6
1
url pkg:npm/ghost@6.0.0-alpha.1
purl pkg:npm/ghost@6.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.0.0-alpha.1
2
url pkg:npm/ghost@6.11.0
purl pkg:npm/ghost@6.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-f173-31n6-73fu
3
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.11.0
aliases CVE-2026-22596, GHSA-gjrp-xgmh-x9qq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4ww-t1ck-jkcr
2
url VCID-z5jg-cfyj-sbg5
vulnerability_id VCID-z5jg-cfyj-sbg5
summary Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22594
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.0082
published_at 2026-06-14T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00814
published_at 2026-06-12T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00818
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22594
1
reference_url https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b
reference_id b59f707f670e6f175b669977724ccf16c718430b
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:53:47Z/
url https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22594
reference_id CVE-2026-22594
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22594
3
reference_url https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07
reference_id fc7bc2fb0888513498154ec5cb4b21eccb88de07
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:53:47Z/
url https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07
4
reference_url https://github.com/advisories/GHSA-5fp7-g646-ccf4
reference_id GHSA-5fp7-g646-ccf4
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fp7-g646-ccf4
5
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4
reference_id GHSA-5fp7-g646-ccf4
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:53:47Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4
fixed_packages
0
url pkg:npm/ghost@5.130.6
purl pkg:npm/ghost@5.130.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.130.6
1
url pkg:npm/ghost@6.0.0-alpha.1
purl pkg:npm/ghost@6.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.0.0-alpha.1
2
url pkg:npm/ghost@6.11.0
purl pkg:npm/ghost@6.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-f173-31n6-73fu
3
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.11.0
aliases CVE-2026-22594, GHSA-5fp7-g646-ccf4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z5jg-cfyj-sbg5
3
url VCID-z8d3-xben-ebay
vulnerability_id VCID-z8d3-xben-ebay
summary Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22595
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05637
published_at 2026-06-14T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05645
published_at 2026-06-13T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05652
published_at 2026-06-12T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05626
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22595
1
reference_url https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8
reference_id 9513d2a35c21067127ce8192443d8919ddcefcc8
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:51:33Z/
url https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8
2
reference_url https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3
reference_id c3017f81a5387b253a7b8c1ba1959d430ee536a3
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:51:33Z/
url https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22595
reference_id CVE-2026-22595
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22595
4
reference_url https://github.com/advisories/GHSA-9xg7-mwmp-xmjx
reference_id GHSA-9xg7-mwmp-xmjx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9xg7-mwmp-xmjx
5
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx
reference_id GHSA-9xg7-mwmp-xmjx
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:51:33Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx
fixed_packages
0
url pkg:npm/ghost@5.130.6
purl pkg:npm/ghost@5.130.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.130.6
1
url pkg:npm/ghost@6.0.0-alpha.1
purl pkg:npm/ghost@6.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.0.0-alpha.1
2
url pkg:npm/ghost@6.11.0
purl pkg:npm/ghost@6.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-f173-31n6-73fu
3
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.11.0
aliases CVE-2026-22595, GHSA-9xg7-mwmp-xmjx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z8d3-xben-ebay
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.130.6