Lookup for vulnerable packages by Package URL.

Purl pkg:npm/ghost@5.50.1
Type npm
Namespace
Name ghost
Version 5.50.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.19.3
Latest_non_vulnerable_version 6.19.3
Affected_by_vulnerabilities
0
url VCID-3u5f-347g-a7cz
vulnerability_id VCID-3u5f-347g-a7cz
summary Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43409
reference_id
reference_type
scores
0
value 0.00454
scoring_system epss
scoring_elements 0.64355
published_at 2026-06-12T12:55:00Z
1
value 0.00454
scoring_system epss
scoring_elements 0.64364
published_at 2026-06-14T12:55:00Z
2
value 0.00454
scoring_system epss
scoring_elements 0.64368
published_at 2026-06-13T12:55:00Z
3
value 0.00454
scoring_system epss
scoring_elements 0.64252
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43409
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43409
reference_id CVE-2024-43409
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43409
2
reference_url https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db
reference_id dac25612520b571f58679764ecc27109e641d1db
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/
url https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db
3
reference_url https://github.com/advisories/GHSA-78x2-cwp9-5j42
reference_id GHSA-78x2-cwp9-5j42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-78x2-cwp9-5j42
4
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42
reference_id GHSA-78x2-cwp9-5j42
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42
fixed_packages
0
url pkg:npm/ghost@5.89.5
purl pkg:npm/ghost@5.89.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv37-vmbh-hbge
1
vulnerability VCID-f173-31n6-73fu
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.89.5
aliases CVE-2024-43409, GHSA-78x2-cwp9-5j42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3u5f-347g-a7cz
1
url VCID-744d-rhkz-87fp
vulnerability_id VCID-744d-rhkz-87fp
summary Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23724
reference_id
reference_type
scores
0
value 0.38375
scoring_system epss
scoring_elements 0.97344
published_at 2026-06-13T12:55:00Z
1
value 0.38375
scoring_system epss
scoring_elements 0.97345
published_at 2026-06-14T12:55:00Z
2
value 0.38375
scoring_system epss
scoring_elements 0.97335
published_at 2026-06-11T12:55:00Z
3
value 0.38375
scoring_system epss
scoring_elements 0.97342
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23724
1
reference_url https://rhinosecuritylabs.com/blog
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhinosecuritylabs.com/blog
2
reference_url https://github.com/TryGhost/Ghost/pull/19646
reference_id 19646
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/
url https://github.com/TryGhost/Ghost/pull/19646
3
reference_url https://rhinosecuritylabs.com/blog/
reference_id blog
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/
url https://rhinosecuritylabs.com/blog/
4
reference_url https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724
reference_id CVE-2024-23724
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/
url https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23724
reference_id CVE-2024-23724
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23724
6
reference_url https://github.com/advisories/GHSA-99vc-xw8j-phjm
reference_id GHSA-99vc-xw8j-phjm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99vc-xw8j-phjm
fixed_packages
aliases CVE-2024-23724, GHSA-99vc-xw8j-phjm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-744d-rhkz-87fp
2
url VCID-c6w8-e895-yffy
vulnerability_id VCID-c6w8-e895-yffy
summary Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40028
reference_id
reference_type
scores
0
value 0.77606
scoring_system epss
scoring_elements 0.99012
published_at 2026-06-11T12:55:00Z
1
value 0.77606
scoring_system epss
scoring_elements 0.99017
published_at 2026-06-14T12:55:00Z
2
value 0.77606
scoring_system epss
scoring_elements 0.99016
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40028
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40028
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40028
2
reference_url https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205
reference_id 690fbf3f7302ff3f77159c0795928bdd20f41205
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/
url https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py
reference_id CVE-2023-40028
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py
4
reference_url https://github.com/advisories/GHSA-9c9v-w225-v5rg
reference_id GHSA-9c9v-w225-v5rg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c9v-w225-v5rg
5
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg
reference_id GHSA-9c9v-w225-v5rg
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg
fixed_packages
0
url pkg:npm/ghost@5.59.1
purl pkg:npm/ghost@5.59.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3u5f-347g-a7cz
1
vulnerability VCID-744d-rhkz-87fp
2
vulnerability VCID-cv37-vmbh-hbge
3
vulnerability VCID-f173-31n6-73fu
4
vulnerability VCID-uv9z-tvr6-7ugm
5
vulnerability VCID-v17s-qgdp-cyan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.59.1
aliases CVE-2023-40028, GHSA-9c9v-w225-v5rg
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c6w8-e895-yffy
3
url VCID-cv37-vmbh-hbge
vulnerability_id VCID-cv37-vmbh-hbge
summary Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26980
reference_id
reference_type
scores
0
value 0.56657
scoring_system epss
scoring_elements 0.98173
published_at 2026-06-13T12:55:00Z
1
value 0.56657
scoring_system epss
scoring_elements 0.98174
published_at 2026-06-14T12:55:00Z
2
value 0.56657
scoring_system epss
scoring_elements 0.98172
published_at 2026-06-12T12:55:00Z
3
value 0.56657
scoring_system epss
scoring_elements 0.98166
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26980
1
reference_url https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980
2
reference_url https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91
reference_id 30868d632b2252b638bc8a4c8ebf73964592ed91
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt
reference_id CVE-2026-26980
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26980
reference_id CVE-2026-26980
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26980
5
reference_url https://github.com/advisories/GHSA-w52v-v783-gw97
reference_id GHSA-w52v-v783-gw97
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w52v-v783-gw97
6
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97
reference_id GHSA-w52v-v783-gw97
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97
7
reference_url https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
reference_id v6.19.1
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
fixed_packages
0
url pkg:npm/ghost@6.19.1
purl pkg:npm/ghost@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1
aliases CVE-2026-26980, GHSA-w52v-v783-gw97
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv37-vmbh-hbge
4
url VCID-f173-31n6-73fu
vulnerability_id VCID-f173-31n6-73fu
summary Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Ghost Portal versions 2.29.1 through 2.51.4 and 2.52.0 through 2.57.0 were vulnerable to this issue. Ghost automatically loads the latest patch of the members Portal component via CDN. For Ghost 5.x users, upgrading to v5.121.0 or later fixes the vulnerability. v5.121.0 loads Portal v2.51.5, which contains the patch. For Ghost 6.x users, upgrading to v6.15.0 or later fixes the vulnerability. v6.15.0 loads Portal v2.57.1, which contains the patch. For Ghost installations using a customized or self-hosted version of Portal, it will be necessary to manually rebuild from or update to the latest patch version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24778
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05759
published_at 2026-06-14T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05778
published_at 2026-06-12T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05752
published_at 2026-06-11T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05769
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24778
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24778
reference_id CVE-2026-24778
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24778
2
reference_url https://github.com/TryGhost/Ghost/commit/da858e640e88e69c1773a7b7ecdc2008fa143849
reference_id da858e640e88e69c1773a7b7ecdc2008fa143849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:11:07Z/
url https://github.com/TryGhost/Ghost/commit/da858e640e88e69c1773a7b7ecdc2008fa143849
3
reference_url https://github.com/advisories/GHSA-gv6q-2m97-882h
reference_id GHSA-gv6q-2m97-882h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv6q-2m97-882h
4
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-gv6q-2m97-882h
reference_id GHSA-gv6q-2m97-882h
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:11:07Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-gv6q-2m97-882h
fixed_packages
0
url pkg:npm/ghost@5.121.0
purl pkg:npm/ghost@5.121.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mb5-8b85-d7bt
1
vulnerability VCID-4chn-jutc-fue2
2
vulnerability VCID-cv37-vmbh-hbge
3
vulnerability VCID-dqj6-6jfr-37ca
4
vulnerability VCID-k4ww-t1ck-jkcr
5
vulnerability VCID-uv9z-tvr6-7ugm
6
vulnerability VCID-z5jg-cfyj-sbg5
7
vulnerability VCID-z8d3-xben-ebay
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.121.0
1
url pkg:npm/ghost@6.15.0
purl pkg:npm/ghost@6.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.15.0
aliases CVE-2026-24778, GHSA-gv6q-2m97-882h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f173-31n6-73fu
5
url VCID-uv9z-tvr6-7ugm
vulnerability_id VCID-uv9z-tvr6-7ugm
summary Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29053
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09327
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09318
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09328
published_at 2026-06-13T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09276
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29053
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29053
reference_id CVE-2026-29053
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29053
2
reference_url https://github.com/advisories/GHSA-cgc2-rcrh-qr5x
reference_id GHSA-cgc2-rcrh-qr5x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgc2-rcrh-qr5x
3
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
reference_id GHSA-cgc2-rcrh-qr5x
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
fixed_packages
0
url pkg:npm/ghost@6.19.1
purl pkg:npm/ghost@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1
aliases CVE-2026-29053, GHSA-cgc2-rcrh-qr5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uv9z-tvr6-7ugm
6
url VCID-v17s-qgdp-cyan
vulnerability_id VCID-v17s-qgdp-cyan
summary Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23725
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29831
published_at 2026-06-12T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29833
published_at 2026-06-14T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.29848
published_at 2026-06-13T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.29634
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23725
1
reference_url https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002
2
reference_url https://github.com/TryGhost/Ghost/pull/17190
reference_id 17190
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/
url https://github.com/TryGhost/Ghost/pull/17190
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23725
reference_id CVE-2024-23725
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23725
4
reference_url https://github.com/advisories/GHSA-fh38-9fgr-454w
reference_id GHSA-fh38-9fgr-454w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh38-9fgr-454w
5
reference_url https://github.com/TryGhost/Ghost/releases/tag/v5.76.0
reference_id v5.76.0
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/
url https://github.com/TryGhost/Ghost/releases/tag/v5.76.0
fixed_packages
0
url pkg:npm/ghost@5.76.0
purl pkg:npm/ghost@5.76.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3u5f-347g-a7cz
1
vulnerability VCID-744d-rhkz-87fp
2
vulnerability VCID-cv37-vmbh-hbge
3
vulnerability VCID-f173-31n6-73fu
4
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.76.0
aliases CVE-2024-23725, GHSA-fh38-9fgr-454w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v17s-qgdp-cyan
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.50.1