pkg:npm/@keystone-6/core

5 total CVEsCRITICAL2MEDIUM2LOW1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2022-39382@keystone-6/core's NODE_ENV defaults to development with esbuild
    >= 3.0.0, < 3.0.2
  • CRITICAL9.1CVE-2022-39322Field-level access-control bypass for multiselect field
    >= 2.2.0, < 2.3.1
  • MEDIUM5.3CVE-2023-40027When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
    from 0, < 5.5.1
  • MEDIUM4.3CVE-2026-33326@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix)
    from 0, < 6.5.2
  • LOW3.1CVE-2025-46720Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields
    from 0, < 6.5.0
npm/@keystone-6/core — 5 CVEs · VulnScope