Search for packages
| purl | pkg:npm/ghost@5.87.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3u5f-347g-a7cz
Aliases: CVE-2024-43409 GHSA-78x2-cwp9-5j42 |
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue. |
Affected by 3 other vulnerabilities. |
|
VCID-cv37-vmbh-hbge
Aliases: CVE-2026-26980 GHSA-w52v-v783-gw97 |
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1. |
Affected by 1 other vulnerability. |
|
VCID-f173-31n6-73fu
Aliases: CVE-2026-24778 GHSA-gv6q-2m97-882h |
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Ghost Portal versions 2.29.1 through 2.51.4 and 2.52.0 through 2.57.0 were vulnerable to this issue. Ghost automatically loads the latest patch of the members Portal component via CDN. For Ghost 5.x users, upgrading to v5.121.0 or later fixes the vulnerability. v5.121.0 loads Portal v2.51.5, which contains the patch. For Ghost 6.x users, upgrading to v6.15.0 or later fixes the vulnerability. v6.15.0 loads Portal v2.57.1, which contains the patch. For Ghost installations using a customized or self-hosted version of Portal, it will be necessary to manually rebuild from or update to the latest patch version. |
Affected by 8 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-uv9z-tvr6-7ugm
Aliases: CVE-2026-29053 GHSA-cgc2-rcrh-qr5x |
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T21:16:03.706996+00:00 | GitLab Importer | Affected by | VCID-uv9z-tvr6-7ugm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ghost/CVE-2026-29053.yml | 38.6.0 |
| 2026-06-12T21:00:38.472005+00:00 | GitLab Importer | Affected by | VCID-cv37-vmbh-hbge | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ghost/CVE-2026-26980.yml | 38.6.0 |
| 2026-06-12T20:53:24.655302+00:00 | GitLab Importer | Affected by | VCID-f173-31n6-73fu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ghost/CVE-2026-24778.yml | 38.6.0 |
| 2026-06-12T19:37:35.752501+00:00 | GitLab Importer | Affected by | VCID-3u5f-347g-a7cz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ghost/CVE-2024-43409.yml | 38.6.0 |