{"url":"http://public2.vulnerablecode.io/api/packages/650884?format=json","purl":"pkg:npm/ghost@5.33.5","type":"npm","namespace":"","name":"ghost","version":"5.33.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.19.3","latest_non_vulnerable_version":"6.19.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50641?format=json","vulnerability_id":"VCID-3ccc-5hyx-8bfy","summary":"Ghost Vulnerable to Remote Code Execution via Malicious Themes\nSpecifically crafted malicious themes can execute arbitrary code on the server running Ghost.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0922","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09191","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09162","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0924","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09221","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29053"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053","reference_id":"CVE-2026-29053","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29053"},{"reference_url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgc2-rcrh-qr5x"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x","reference_id":"GHSA-cgc2-rcrh-qr5x","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74127?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rdn5-yatw-jfcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-29053","GHSA-cgc2-rcrh-qr5x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ccc-5hyx-8bfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46996?format=json","vulnerability_id":"VCID-ayht-7ufu-17fa","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nGhost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724","reference_id":"","reference_type":"","scores":[{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97326","published_at":"2026-06-09T12:55:00Z"},{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-06-08T12:55:00Z"},{"value":"0.38375","scoring_system":"epss","scoring_elements":"0.97323","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23724"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/19646","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/19646"},{"reference_url":"https://rhinosecuritylabs.com/blog","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhinosecuritylabs.com/blog"},{"reference_url":"https://rhinosecuritylabs.com/blog/","reference_id":"blog","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://rhinosecuritylabs.com/blog/"},{"reference_url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-12T17:17:21Z/"}],"url":"https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724","reference_id":"CVE-2024-23724","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23724"},{"reference_url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm","reference_id":"GHSA-99vc-xw8j-phjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99vc-xw8j-phjm"}],"fixed_packages":[],"aliases":["CVE-2024-23724","GHSA-99vc-xw8j-phjm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ayht-7ufu-17fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46868?format=json","vulnerability_id":"VCID-gdm7-4ufz-kydq","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nGhost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29619","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.296","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29688","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29652","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29586","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23725"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/pull/17190","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/pull/17190"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:35:42Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.76.0"},{"reference_url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yunaycompany/Ghost/commit/64d67717f7c76c77b3908e15627f473e9ef34002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725","reference_id":"CVE-2024-23725","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23725"},{"reference_url":"https://github.com/advisories/GHSA-fh38-9fgr-454w","reference_id":"GHSA-fh38-9fgr-454w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh38-9fgr-454w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68571?format=json","purl":"pkg:npm/ghost@5.76.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-fjk7-enzv-a7hm"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.76.0"}],"aliases":["CVE-2024-23725","GHSA-fh38-9fgr-454w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdm7-4ufz-kydq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45132?format=json","vulnerability_id":"VCID-gnc6-cpen-4fd7","summary":"Ghost vulnerable to information disclosure of private API fields\n### Impact\n\nDue to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.\n\nGhost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added.\n\nSelf-hosters are impacted if running Ghost a version below v5.46.1. Immediate action should be taken to secure your site - see patches and workarounds below.\n\n### Patches\n\nv5.46.1 contains a fix for this issue.\n\n### Workarounds\n\nAdd a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Email us at [security@ghost.org](mailto:security@ghost.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91552","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91556","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91555","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06897","scoring_system":"epss","scoring_elements":"0.91558","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0717","scoring_system":"epss","scoring_elements":"0.91743","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31133"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/b3caf16005289cc9909488391b4a26f3f4a66a90"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v5.46.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31133"},{"reference_url":"https://github.com/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r97q-ghch-82j9"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9","reference_id":"GHSA-r97q-ghch-82j9","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:53:14Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65060?format=json","purl":"pkg:npm/ghost@5.46.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-fjk7-enzv-a7hm"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.46.1"}],"aliases":["CVE-2023-31133","GHSA-r97q-ghch-82j9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnc6-cpen-4fd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55715?format=json","vulnerability_id":"VCID-gre3-rvmc-yfex","summary":"Ghost's improper authentication allows access to member information and actions\nImproper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43409","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64192","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64172","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64185","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64196","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64188","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43409"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43409","reference_id":"CVE-2024-43409","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43409"},{"reference_url":"https://github.com/advisories/GHSA-78x2-cwp9-5j42","reference_id":"GHSA-78x2-cwp9-5j42","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-78x2-cwp9-5j42"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42","reference_id":"GHSA-78x2-cwp9-5j42","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82430?format=json","purl":"pkg:npm/ghost@5.89.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-fjk7-enzv-a7hm"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.89.5"}],"aliases":["CVE-2024-43409","GHSA-78x2-cwp9-5j42"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gre3-rvmc-yfex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45843?format=json","vulnerability_id":"VCID-q9ty-mpku-13fg","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nGhost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028","reference_id":"","reference_type":"","scores":[{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99009","published_at":"2026-06-09T12:55:00Z"},{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.9901","published_at":"2026-06-07T12:55:00Z"},{"value":"0.77606","scoring_system":"epss","scoring_elements":"0.99011","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40028"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py","reference_id":"CVE-2023-40028","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52409.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028","reference_id":"CVE-2023-40028","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40028"},{"reference_url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9c9v-w225-v5rg"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg","reference_id":"GHSA-9c9v-w225-v5rg","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T17:45:27Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66563?format=json","purl":"pkg:npm/ghost@5.59.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-fjk7-enzv-a7hm"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.59.1"}],"aliases":["CVE-2023-40028","GHSA-9c9v-w225-v5rg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9ty-mpku-13fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45123?format=json","vulnerability_id":"VCID-qrjm-axkj-37c4","summary":"Path Traversal in Ghost\nGhost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235","reference_id":"","reference_type":"","scores":[{"value":"0.94094","scoring_system":"epss","scoring_elements":"0.99911","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32235"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f"},{"reference_url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T16:27:01Z/"}],"url":"https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py","reference_id":"CVE-2023-32235","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52408.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235","reference_id":"CVE-2023-32235","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32235"},{"reference_url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6","reference_id":"GHSA-wf7x-fh6w-34r6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf7x-fh6w-34r6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65054?format=json","purl":"pkg:npm/ghost@5.42.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3ccc-5hyx-8bfy"},{"vulnerability":"VCID-ayht-7ufu-17fa"},{"vulnerability":"VCID-gdm7-4ufz-kydq"},{"vulnerability":"VCID-gnc6-cpen-4fd7"},{"vulnerability":"VCID-gre3-rvmc-yfex"},{"vulnerability":"VCID-q9ty-mpku-13fg"},{"vulnerability":"VCID-vmjp-z3ex-eqcr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.42.1"}],"aliases":["CVE-2023-32235","GHSA-wf7x-fh6w-34r6"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrjm-axkj-37c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50233?format=json","vulnerability_id":"VCID-vmjp-z3ex-eqcr","summary":"Ghost has a SQL injection in Content API\nA SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26980","reference_id":"","reference_type":"","scores":[{"value":"0.56657","scoring_system":"epss","scoring_elements":"0.98163","published_at":"2026-06-09T12:55:00Z"},{"value":"0.56657","scoring_system":"epss","scoring_elements":"0.98164","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26980"},{"reference_url":"https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980"},{"reference_url":"https://github.com/TryGhost/Ghost","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TryGhost/Ghost"},{"reference_url":"https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91"},{"reference_url":"https://github.com/TryGhost/Ghost/releases/tag/v6.19.1","reference_id":"","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/releases/tag/v6.19.1"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt","reference_id":"CVE-2026-26980","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26980","reference_id":"CVE-2026-26980","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26980"},{"reference_url":"https://github.com/advisories/GHSA-w52v-v783-gw97","reference_id":"GHSA-w52v-v783-gw97","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w52v-v783-gw97"},{"reference_url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97","reference_id":"GHSA-w52v-v783-gw97","reference_type":"","scores":[{"value":"9.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/"}],"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74127?format=json","purl":"pkg:npm/ghost@6.19.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rdn5-yatw-jfcf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1"}],"aliases":["CVE-2026-26980","GHSA-w52v-v783-gw97"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmjp-z3ex-eqcr"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.33.5"}