pkg:npm/ghost

21 CVEs in total: CRITICAL 3, HIGH 9, MEDIUM 7

✅ Check your version

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-27139: Arbitrary file upload in Ghost
    from 0, <= 4.39.0
  • CRITICAL 9.8 CVE-2022-28397: Arbitrary file upload in Ghost
    from 0, <= 4.42.0
  • CRITICAL 9.4 CVE-2026-26980: Ghost has a SQL Injection in its Content API
    >= 3.24.0, < 6.19.1
  • HIGH 8.8 CVE-2026-24778: Ghost vulnerable to XSS via malicious Portal preview links
    >= 5.43.0, < 5.121.0
  • HIGH 8.5 CVE-2022-41654: ghost vulnerable to unauthorized newsletter modification via improper access controls
    >= 5.0.0, < 5.22.7
  • HIGH 8.1 CVE-2026-22595: Ghost has Staff Token permission bypass
    >= 6.0.0, < 6.11.0
  • HIGH 8.1 CVE-2026-22594: Ghost has Staff 2FA bypass
    >= 6.0.0, < 6.11.0
  • HIGH 8.1 CVE-2020-8134: Server-side request forgery in Ghost CMS
    from 0, < 3.10.0
  • HIGH 7.6 CVE-2026-29053: Ghost Vulnerable to Remote Code Execution via Malicious Themes
    >= 0.7.2, < 6.19.1
  • HIGH 7.5 CVE-2026-29784: Ghost has incomplete CSRF protections around OTC use
    >= 5.101.6, < 6.19.3
  • HIGH 7.5 CVE-2023-32235: Path Traversal in Ghost
    from 0, < 5.42.1
  • HIGH 7.5 CVE-2023-31133: Ghost vulnerable to disclosure of private API fields
    from 0, < 5.46.1
  • MEDIUM 6.8 CVE-2021-29484: DOM XSS in Theme Preview
    >= 4.0.0, < 4.3.3
  • MEDIUM 6.7 CVE-2026-22596: Ghost has SQL Injection in Members Activity Feed
    >= 6.0.0, < 6.11.0
  • MEDIUM 6.5 CVE-2024-43409: Ghost's improper authentication allows access to member information and actions
    >= 4.46.0, < 5.89.5
  • MEDIUM 6.5 CVE-2024-23724: Ghost has possible Cross-site Scripting issue
    from 0, <= 5.76.0
  • MEDIUM 6.5 CVE-2021-39192: Privilege escalation: all users can access Admin-level API keys
    >= 4.0.0, < 4.10.0
  • MEDIUM 6.1 CVE-2024-23725: Cross-site Scripting in Ghost
    from 0, < 5.76.0
  • MEDIUM 4.9 CVE-2023-40028: Arbitrary file read via symlinks in Ghost
    from 0, < 5.59.1
  • CVE-2026-22597: Ghost has SSRF via External Media Inliner
    >= 6.0.0, < 6.11.0
  • CVE-2025-9862: Ghost 6.0.6 - SSRF via oEmbed Bookmark
    >= 6.0.0, < 6.0.9