{"url":"http://public2.vulnerablecode.io/api/packages/515060?format=json","purl":"pkg:npm/ghost@4.8.2","type":"npm","namespace":"","name":"ghost","version":"4.8.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.19.3","latest_non_vulnerable_version":"6.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/143294?format=json","vulnerability_id":"VCID-322u-tcye-huf9","summary":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"0.94094","scoring_system":"epss","scoring_elements":"0.99911","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f","reference_id":"378dd913aa8d0fd0da29b0ffced8884579598b0f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py","reference_id":"CVE-2023-32235","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py"},{"reference_url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6","reference_id":"GHSA-wf7x-fh6w-34r6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6"},{"reference_url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1","reference_id":"v5.42.0...v5.42.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381977?format=json","purl":"pkg:npm/ghost@5.42.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-kv7x-8p66-tqf3"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.42.1"}],"aliases":["CVE-2023-32235","GHSA-wf7x-fh6w-34r6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-322u-tcye-huf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33369?format=json","vulnerability_id":"VCID-744d-rhkz-87fp","summary":"Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724","reference_id":"","reference_type":"","scores":[{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97335","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724"},{"reference_url":"https://rhinosecuritylabs.com/blog","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhinosecuritylabs.com/blog"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/19646","reference_id":"19646","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/19646"},{"reference_url":"https://rhinosecuritylabs.com/blog/","reference_id":"blog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://rhinosecuritylabs.com/blog/"},{"reference_url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724"},{"reference_url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm","reference_id":"GHSA-99vc-xw8j-phjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm"}],"fixed_packages":[],"aliases":["CVE-2024-23724","GHSA-99vc-xw8j-phjm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-744d-rhkz-87fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/342562?format=json","vulnerability_id":"VCID-917k-qeuy-aybr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39192","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67697","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39192"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v4.10.0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v4.10.0"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-j5c2-hm46-wp5c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39192","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383182?format=json","purl":"pkg:npm/ghost@4.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322u-tcye-huf9"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cncs-9zzp-q7b1"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-kv7x-8p66-tqf3"},{"vulnerability":"VCID-s9t5-skgx-u3hw"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.10.0"}],"aliases":["CVE-2021-39192","GHSA-j5c2-hm46-wp5c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-917k-qeuy-aybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150484?format=json","vulnerability_id":"VCID-c6w8-e895-yffy","summary":"Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99012","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205","reference_id":"690fbf3f7302ff3f77159c0795928bdd20f41205","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py","reference_id":"CVE-2023-40028","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py"},{"reference_url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380666?format=json","purl":"pkg:npm/ghost@5.59.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-f173-31n6-73fu"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.59.1"}],"aliases":["CVE-2023-40028","GHSA-9c9v-w225-v5rg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6w8-e895-yffy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361163?format=json","vulnerability_id":"VCID-cncs-9zzp-q7b1","summary":"Remote command injection when using sendmail email transport\n### Impact\n\nSites using the `sendmail` transport as part of their `mail` config are vulnerable to remote command injection due to a [vulnerability](https://github.com/advisories/GHSA-48ww-j4fc-435p) in the `nodemailer` dependency.\n\nGhost defaults to the `direct` transport so this is only exploitable if the `sendmail` transport is explicitly used.\n\n### Patches\n\nFixed in 4.15.0, all sites should upgrade as soon as possible.\n\n### Workarounds\n\n* Use an alternative email transport as described in the [docs](https://ghost.org/docs/config/#mail). \n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* email us at security@ghost.org","references":[{"reference_url":"https://github.com/advisories/GHSA-48ww-j4fc-435p","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48ww-j4fc-435p"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm"},{"reference_url":"https://github.com/advisories/GHSA-wfrj-qqc2-83cm","reference_id":"GHSA-wfrj-qqc2-83cm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wfrj-qqc2-83cm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382493?format=json","purl":"pkg:npm/ghost@4.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322u-tcye-huf9"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-kv7x-8p66-tqf3"},{"vulnerability":"VCID-s9t5-skgx-u3hw"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.15.0"}],"aliases":["GHSA-wfrj-qqc2-83cm","GMS-2021-182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cncs-9zzp-q7b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70890?format=json","vulnerability_id":"VCID-cv37-vmbh-hbge","summary":"Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26980","reference_id":"","reference_type":"","scores":[{"value":"0.56657","scoring_system":"epss","scoring_elements":"0.98166","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26980"},{"reference_url":"https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91","reference_id":"30868d632b2252b638bc8a4c8ebf73964592ed91","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt","reference_id":"CVE-2026-26980","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26980","reference_id":"CVE-2026-26980","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26980"},{"reference_url":"https://github.com/advisories/GHSA-w52v-v783-gw97","reference_id":"GHSA-w52v-v783-gw97","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w52v-v783-gw97"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97","reference_id":"GHSA-w52v-v783-gw97","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v6.19.1","reference_id":"v6.19.1","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v6.19.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39368?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4chn-jutc-fue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-26980","GHSA-w52v-v783-gw97"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cv37-vmbh-hbge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137141?format=json","vulnerability_id":"VCID-kv7x-8p66-tqf3","summary":"Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.\n\nGhost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"0.0717","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90","reference_id":"b3caf16005289cc9909488391b4a26f3f4a66a90","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90"},{"reference_url":"https://github.com/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r97q-ghch-82j9"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1","reference_id":"v5.46.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382079?format=json","purl":"pkg:npm/ghost@5.46.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-f173-31n6-73fu"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.46.1"}],"aliases":["CVE-2023-31133","GHSA-r97q-ghch-82j9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kv7x-8p66-tqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361170?format=json","vulnerability_id":"VCID-s9t5-skgx-u3hw","summary":"Member account takeover\n### Impact\n\nAn error in the implementation of the member email change functionality allows unauthenticated users to change the email address of arbitrary member accounts to one they control by crafting a request to the relevant API endpoint, and validating the new address via magic link sent to the new email address.\n\nGhost(Pro) has already been patched. Self-hosters are impacted if running Ghost a version between 3.18.0 and 4.15.0 with members functionality enabled.\n\n### Patches\n\nFixed in 4.15.1, all 4.x sites should upgrade as soon as possible.\nFixed in 3.42.6, all 3.x sites should upgrade as soon as possible.\n\n### Workarounds\n\nThe patch in 4.15.1 and 3.42.6 adds a new authenticated endpoint for updating member email addresses. Updating Ghost is the quickest complete solution.\n\nAs a workaround, if for any reason you cannot update your Ghost instance, you can block the `POST /members/api/send-magic-link/` endpoint, which will also disable member login and signup for your site.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Email us at [security@ghost.org](mailto:security@ghost.org)","references":[{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-65p7-pjj8-ggmr"},{"reference_url":"https://github.com/advisories/GHSA-65p7-pjj8-ggmr","reference_id":"GHSA-65p7-pjj8-ggmr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-65p7-pjj8-ggmr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382608?format=json","purl":"pkg:npm/ghost@4.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-322u-tcye-huf9"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-c6w8-e895-yffy"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-kv7x-8p66-tqf3"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"},{"vulnerability":"VCID-v17s-qgdp-cyan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.15.1"}],"aliases":["GHSA-65p7-pjj8-ggmr","GMS-2021-181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9t5-skgx-u3hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74005?format=json","vulnerability_id":"VCID-uv9z-tvr6-7ugm","summary":"Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09276","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053","reference_id":"CVE-2026-29053","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053"},{"reference_url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39368?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4chn-jutc-fue2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-29053","GHSA-cgc2-rcrh-qr5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uv9z-tvr6-7ugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33647?format=json","vulnerability_id":"VCID-v17s-qgdp-cyan","summary":"Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29634","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725"},{"reference_url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/17190","reference_id":"17190","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/17190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725","reference_id":"CVE-2024-23725","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725"},{"reference_url":"https://github.com/advisories/GHSA-fh38-9fgr-454w","reference_id":"GHSA-fh38-9fgr-454w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh38-9fgr-454w"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0","reference_id":"v5.76.0","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28506?format=json","purl":"pkg:npm/ghost@5.76.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3u5f-347g-a7cz"},{"vulnerability":"VCID-744d-rhkz-87fp"},{"vulnerability":"VCID-cv37-vmbh-hbge"},{"vulnerability":"VCID-f173-31n6-73fu"},{"vulnerability":"VCID-uv9z-tvr6-7ugm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.76.0"}],"aliases":["CVE-2024-23725","GHSA-fh38-9fgr-454w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v17s-qgdp-cyan"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@4.8.2"}