{"url":"http://public2.vulnerablecode.io/api/packages/443302?format=json","purl":"pkg:npm/ghost@2.1.2","type":"npm","namespace":"","name":"ghost","version":"2.1.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.19.3","latest_non_vulnerable_version":"6.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39320?format=json","vulnerability_id":"VCID-42qb-1fe9-2ud1","summary":"Ghost vulnerable to information disclosure of private API fields\n### Impact\n\nDue to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.\n\nGhost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added.\n\nSelf-hosters are impacted if running Ghost a version below v5.46.1. Immediate action should be taken to secure your site - see patches and workarounds below.\n\n### Patches\n\nv5.46.1 contains a fix for this issue.\n\n### Workarounds\n\nAdd a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Email us at [security@ghost.org](mailto:security@ghost.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91521","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133"},{"reference_url":"https://github.com/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r97q-ghch-82j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73104?format=json","purl":"pkg:npm/ghost@5.46.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5trt-jw4c-ykcr"},{"vulnerability":"VCID-6dcp-8dum-2ucd"},{"vulnerability":"VCID-9ubx-eyfx-sbcn"},{"vulnerability":"VCID-f7fz-gqwc-pfg2"},{"vulnerability":"VCID-hvg2-a3qw-juhy"},{"vulnerability":"VCID-mxf8-xdp9-87hs"},{"vulnerability":"VCID-w98z-w2u3-uufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.46.1"}],"aliases":["CVE-2023-31133","GHSA-r97q-ghch-82j9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42qb-1fe9-2ud1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22285?format=json","vulnerability_id":"VCID-6dcp-8dum-2ucd","summary":"Ghost Vulnerable to Remote Code Execution via Malicious Themes\n### Impact\n\nSpecifically crafted malicious themes can execute arbitrary code on the server running Ghost. \n\n### Vulnerable Versions\n\nThis vulnerability is present in Ghost v0.7.2 to v6.19.0.\n\n### Patches\n\nv6.19.1 contains a fix for this issue.\n\n### Workarounds\n\nGhost generally recommends users refrain from installing untrusted themes. If a malicious theme has already been installed, it is recommended to uninstall the theme and then inspect it to understand its impact, which will be attack-specific. \n\n### References\nGhost thanks Cristian-Alexandru Staicu at Endor Labs for disclosing this vulnerability responsibly. \n\n### For more information\n\nIf there are any questions or comments about this advisory, email Ghost at [security@ghost.org](mailto:security@ghost.org).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.093","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053"},{"reference_url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55339?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14vf-mem3-53du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-29053","GHSA-cgc2-rcrh-qr5x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dcp-8dum-2ucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42158?format=json","vulnerability_id":"VCID-7rrq-zh6p-zfh7","summary":"Remote command injection when using sendmail email transport\n### Impact\n\nSites using the `sendmail` transport as part of their `mail` config are vulnerable to remote command injection due to a [vulnerability](https://github.com/advisories/GHSA-48ww-j4fc-435p) in the `nodemailer` dependency.\n\nGhost defaults to the `direct` transport so this is only exploitable if the `sendmail` transport is explicitly used.\n\n### Patches\n\nFixed in 4.15.0, all sites should upgrade as soon as possible.\n\n### Workarounds\n\n* Use an alternative email transport as described in the [docs](https://ghost.org/docs/config/#mail). \n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* email us at security@ghost.org","references":[{"reference_url":"https://github.com/advisories/GHSA-48ww-j4fc-435p","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48ww-j4fc-435p"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm"},{"reference_url":"https://github.com/advisories/GHSA-wfrj-qqc2-83cm","reference_id":"GHSA-wfrj-qqc2-83cm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wfrj-qqc2-83cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75973?format=json","purl":"pkg:npm/ghost@4.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qb-1fe9-2ud1"},{"vulnerability":"VCID-6dcp-8dum-2ucd"},{"vulnerability":"VCID-9ubx-eyfx-sbcn"},{"vulnerability":"VCID-f7fz-gqwc-pfg2"},{"vulnerability":"VCID-hvg2-a3qw-juhy"},{"vulnerability":"VCID-n2hb-fhkf-8kcj"},{"vulnerability":"VCID-qs4v-vv9f-k3am"},{"vulnerability":"VCID-w98z-w2u3-uufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.15.0"}],"aliases":["GHSA-wfrj-qqc2-83cm","GMS-2021-182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rrq-zh6p-zfh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10062?format=json","vulnerability_id":"VCID-9ubx-eyfx-sbcn","summary":"Ghost has possible Cross-site Scripting issue\nGhost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724","reference_id":"","reference_type":"","scores":[{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97309","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724"},{"reference_url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/19646","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/19646"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724"},{"reference_url":"https://rhinosecuritylabs.com/blog","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhinosecuritylabs.com/blog"},{"reference_url":"https://rhinosecuritylabs.com/blog/","reference_id":"blog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://rhinosecuritylabs.com/blog/"},{"reference_url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm","reference_id":"GHSA-99vc-xw8j-phjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm"}],"fixed_packages":[],"aliases":["CVE-2024-23724","GHSA-99vc-xw8j-phjm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ubx-eyfx-sbcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46271?format=json","vulnerability_id":"VCID-db37-62bx-aqfj","summary":"Server-side request forgery in Ghost CMS\nServer-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8134","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53465","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8134"},{"reference_url":"https://hackerone.com/reports/793704","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hackerone.com/reports/793704"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8134","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80320?format=json","purl":"pkg:npm/ghost@3.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qb-1fe9-2ud1"},{"vulnerability":"VCID-6dcp-8dum-2ucd"},{"vulnerability":"VCID-7rrq-zh6p-zfh7"},{"vulnerability":"VCID-9ubx-eyfx-sbcn"},{"vulnerability":"VCID-f7fz-gqwc-pfg2"},{"vulnerability":"VCID-n2hb-fhkf-8kcj"},{"vulnerability":"VCID-w98z-w2u3-uufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@3.10.0"}],"aliases":["CVE-2020-8134","GHSA-q4h8-7qff-gh6c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db37-62bx-aqfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9154?format=json","vulnerability_id":"VCID-f7fz-gqwc-pfg2","summary":"Cross-site Scripting in Ghost\nGhost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29731","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/17190","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/17190"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"},{"reference_url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725"},{"reference_url":"https://github.com/advisories/GHSA-fh38-9fgr-454w","reference_id":"GHSA-fh38-9fgr-454w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh38-9fgr-454w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23144?format=json","purl":"pkg:npm/ghost@5.76.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5trt-jw4c-ykcr"},{"vulnerability":"VCID-6dcp-8dum-2ucd"},{"vulnerability":"VCID-9ubx-eyfx-sbcn"},{"vulnerability":"VCID-hvg2-a3qw-juhy"},{"vulnerability":"VCID-mxf8-xdp9-87hs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.76.0"}],"aliases":["CVE-2024-23725","GHSA-fh38-9fgr-454w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7fz-gqwc-pfg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39118?format=json","vulnerability_id":"VCID-n2hb-fhkf-8kcj","summary":"Path Traversal in Ghost\nGhost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"0.94094","scoring_system":"epss","scoring_elements":"0.99911","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f"},{"reference_url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py","reference_id":"CVE-2023-32235","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py"},{"reference_url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6","reference_id":"GHSA-wf7x-fh6w-34r6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72428?format=json","purl":"pkg:npm/ghost@5.42.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42qb-1fe9-2ud1"},{"vulnerability":"VCID-6dcp-8dum-2ucd"},{"vulnerability":"VCID-9ubx-eyfx-sbcn"},{"vulnerability":"VCID-f7fz-gqwc-pfg2"},{"vulnerability":"VCID-hvg2-a3qw-juhy"},{"vulnerability":"VCID-mxf8-xdp9-87hs"},{"vulnerability":"VCID-w98z-w2u3-uufh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.42.1"}],"aliases":["CVE-2023-32235","GHSA-wf7x-fh6w-34r6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2hb-fhkf-8kcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37194?format=json","vulnerability_id":"VCID-w98z-w2u3-uufh","summary":"Ghost vulnerable to arbitrary file read via symlinks in content import\n### Impact\n\nA vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.\n\nSite administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder\n\n### Vulnerable versions\n\nThis security vulnerability is present in Ghost ≤ v5.59.0.\n\n### Patches\n\nv5.59.1 contains a fix for this issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Email us at [security@ghost.org](mailto:security@ghost.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99011","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py","reference_id":"CVE-2023-40028","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py"},{"reference_url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70084?format=json","purl":"pkg:npm/ghost@5.59.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5trt-jw4c-ykcr"},{"vulnerability":"VCID-6dcp-8dum-2ucd"},{"vulnerability":"VCID-9ubx-eyfx-sbcn"},{"vulnerability":"VCID-f7fz-gqwc-pfg2"},{"vulnerability":"VCID-hvg2-a3qw-juhy"},{"vulnerability":"VCID-mxf8-xdp9-87hs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.59.1"}],"aliases":["CVE-2023-40028","GHSA-9c9v-w225-v5rg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w98z-w2u3-uufh"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@2.1.2"}