Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/ghost@5.82.4
Typenpm
Namespace
Nameghost
Version5.82.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.19.3
Latest_non_vulnerable_version6.19.3
Affected_by_vulnerabilities
0
url VCID-3u5f-347g-a7cz
vulnerability_id VCID-3u5f-347g-a7cz
summary Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43409
reference_id
reference_type
scores
0
value 0.00454
scoring_system epss
scoring_elements 0.64355
published_at 2026-06-12T12:55:00Z
1
value 0.00454
scoring_system epss
scoring_elements 0.64364
published_at 2026-06-14T12:55:00Z
2
value 0.00454
scoring_system epss
scoring_elements 0.64368
published_at 2026-06-13T12:55:00Z
3
value 0.00454
scoring_system epss
scoring_elements 0.64252
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43409
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43409
reference_id CVE-2024-43409
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43409
2
reference_url https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db
reference_id dac25612520b571f58679764ecc27109e641d1db
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/
url https://github.com/TryGhost/Ghost/commit/dac25612520b571f58679764ecc27109e641d1db
3
reference_url https://github.com/advisories/GHSA-78x2-cwp9-5j42
reference_id GHSA-78x2-cwp9-5j42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-78x2-cwp9-5j42
4
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42
reference_id GHSA-78x2-cwp9-5j42
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-21T14:32:40Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-78x2-cwp9-5j42
fixed_packages
0
url pkg:npm/ghost@5.89.5
purl pkg:npm/ghost@5.89.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cv37-vmbh-hbge
1
vulnerability VCID-f173-31n6-73fu
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.89.5
aliases CVE-2024-43409, GHSA-78x2-cwp9-5j42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3u5f-347g-a7cz
1
url VCID-cv37-vmbh-hbge
vulnerability_id VCID-cv37-vmbh-hbge
summary Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26980
reference_id
reference_type
scores
0
value 0.56657
scoring_system epss
scoring_elements 0.98173
published_at 2026-06-13T12:55:00Z
1
value 0.56657
scoring_system epss
scoring_elements 0.98174
published_at 2026-06-14T12:55:00Z
2
value 0.56657
scoring_system epss
scoring_elements 0.98172
published_at 2026-06-12T12:55:00Z
3
value 0.56657
scoring_system epss
scoring_elements 0.98166
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26980
1
reference_url https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980
reference_id
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980
2
reference_url https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91
reference_id 30868d632b2252b638bc8a4c8ebf73964592ed91
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/commit/30868d632b2252b638bc8a4c8ebf73964592ed91
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt
reference_id CVE-2026-26980
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52555.txt
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26980
reference_id CVE-2026-26980
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26980
5
reference_url https://github.com/advisories/GHSA-w52v-v783-gw97
reference_id GHSA-w52v-v783-gw97
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w52v-v783-gw97
6
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97
reference_id GHSA-w52v-v783-gw97
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-w52v-v783-gw97
7
reference_url https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
reference_id v6.19.1
reference_type
scores
0
value 9.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-20T15:30:19Z/
url https://github.com/TryGhost/Ghost/releases/tag/v6.19.1
fixed_packages
0
url pkg:npm/ghost@6.19.1
purl pkg:npm/ghost@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1
aliases CVE-2026-26980, GHSA-w52v-v783-gw97
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv37-vmbh-hbge
2
url VCID-f173-31n6-73fu
vulnerability_id VCID-f173-31n6-73fu
summary Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Ghost Portal versions 2.29.1 through 2.51.4 and 2.52.0 through 2.57.0 were vulnerable to this issue. Ghost automatically loads the latest patch of the members Portal component via CDN. For Ghost 5.x users, upgrading to v5.121.0 or later fixes the vulnerability. v5.121.0 loads Portal v2.51.5, which contains the patch. For Ghost 6.x users, upgrading to v6.15.0 or later fixes the vulnerability. v6.15.0 loads Portal v2.57.1, which contains the patch. For Ghost installations using a customized or self-hosted version of Portal, it will be necessary to manually rebuild from or update to the latest patch version.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24778
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05759
published_at 2026-06-14T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05778
published_at 2026-06-12T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05752
published_at 2026-06-11T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05769
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24778
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24778
reference_id CVE-2026-24778
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24778
2
reference_url https://github.com/TryGhost/Ghost/commit/da858e640e88e69c1773a7b7ecdc2008fa143849
reference_id da858e640e88e69c1773a7b7ecdc2008fa143849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:11:07Z/
url https://github.com/TryGhost/Ghost/commit/da858e640e88e69c1773a7b7ecdc2008fa143849
3
reference_url https://github.com/advisories/GHSA-gv6q-2m97-882h
reference_id GHSA-gv6q-2m97-882h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv6q-2m97-882h
4
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-gv6q-2m97-882h
reference_id GHSA-gv6q-2m97-882h
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-28T21:11:07Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-gv6q-2m97-882h
fixed_packages
0
url pkg:npm/ghost@5.121.0
purl pkg:npm/ghost@5.121.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3mb5-8b85-d7bt
1
vulnerability VCID-4chn-jutc-fue2
2
vulnerability VCID-cv37-vmbh-hbge
3
vulnerability VCID-dqj6-6jfr-37ca
4
vulnerability VCID-k4ww-t1ck-jkcr
5
vulnerability VCID-uv9z-tvr6-7ugm
6
vulnerability VCID-z5jg-cfyj-sbg5
7
vulnerability VCID-z8d3-xben-ebay
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.121.0
1
url pkg:npm/ghost@6.15.0
purl pkg:npm/ghost@6.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
1
vulnerability VCID-cv37-vmbh-hbge
2
vulnerability VCID-uv9z-tvr6-7ugm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.15.0
aliases CVE-2026-24778, GHSA-gv6q-2m97-882h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f173-31n6-73fu
3
url VCID-uv9z-tvr6-7ugm
vulnerability_id VCID-uv9z-tvr6-7ugm
summary Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29053
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09327
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09318
published_at 2026-06-14T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09328
published_at 2026-06-13T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09276
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29053
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29053
reference_id CVE-2026-29053
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29053
2
reference_url https://github.com/advisories/GHSA-cgc2-rcrh-qr5x
reference_id GHSA-cgc2-rcrh-qr5x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cgc2-rcrh-qr5x
3
reference_url https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
reference_id GHSA-cgc2-rcrh-qr5x
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
1
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-05T15:29:20Z/
url https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x
fixed_packages
0
url pkg:npm/ghost@6.19.1
purl pkg:npm/ghost@6.19.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4chn-jutc-fue2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ghost@6.19.1
aliases CVE-2026-29053, GHSA-cgc2-rcrh-qr5x
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uv9z-tvr6-7ugm
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/ghost@5.82.4