Affected versions: >= 4.39.0, < 4.39.1
Affected versions: >= 4.42.0, < 4.42.1
Affected versions: >= 3.24.0, < 6.19.1

CRITICAL 9.1  Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For head…
  Affected versions: from 0, < 5.110.4

HIGH 8.8  Ghost vulnerable to XSS via malicious Portal preview links
  Affected versions: >= 5.43.0, < 5.121.0; >= 6.0.0, < 6.15.0

HIGH 8.8  Ghost allows CSV Injection during member CSV export
  Affected versions: from 0, < 5.82.0

HIGH 8.5  ghost vulnerable to unauthorized newsletter modification via improper access controls
  Affected versions: >= 4.46.0, < 4.48.8; >= 5.0.0, < 5.22.7

HIGH 8.1  Ghost has Staff Token permission bypass
  Affected versions: >= 5.121.0, < 5.130.6; >= 6.0.0, < 6.11.0

HIGH 8.1  Ghost has Staff 2FA bypass
  Affected versions: >= 5.105.0, < 5.130.6; >= 6.0.0, < 6.11.0

HIGH 8.1  Server-side request forgery in Ghost CMS
  Affected versions: from 0, < 3.10.0

HIGH 7.6  Ghost Vulnerable to Remote Code Execution via Malicious Themes
  Affected versions: >= 0.7.2, < 6.19.1

HIGH 7.5  Ghost has incomplete CSRF protections around OTC use
  Affected versions: >= 5.101.6, < 6.19.3

HIGH 7.5  Insertion of Sensitive Information into Log File vulnerability in Ghost Foundation Ghost. This issue affects Ghost: from n/a through 1.4.0.
  Affected versions: from 0, < 1.5.0

HIGH 7.5  Path Traversal in Ghost
  Affected versions: from 0, < 5.42.1

HIGH 7.5  Ghost vulnerable to information disclosure of private API fields
  Affected versions: from 0, < 5.46.1

MEDIUM 6.8  DOM XSS in Theme Preview
  Affected versions: >= 4.0.0, < 4.3.3

MEDIUM 6.7  Ghost has SQL Injection in Members Activity Feed
  Affected versions: >= 5.90.0, < 5.130.6; >= 6.0.0, < 6.11.0

MEDIUM 6.5  Ghost's improper authentication allows access to member information and actions
  Affected versions: >= 4.46.0, < 5.89.5

MEDIUM 6.5  Ghost has possible Cross-site Scripting issue
  Affected versions: from 0, < 5.82.11

MEDIUM 6.5  Privilege escalation: all users can access Admin-level API keys
  Affected versions: >= 4.0.0, < 4.10.0

MEDIUM 6.1  Cross-site Scripting in Ghost
  Affected versions: from 0, < 5.76.0

MEDIUM 5.7  Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security…
  Affected versions: >= 5.35.0, < 5.35.1

MEDIUM 5.4  An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4.
  Affected versions: >= 5.9.4, < 5.9.5

MEDIUM 5.4  An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4.
  Affected versions: >= 5.9.4, < 5.9.5

MEDIUM 5.4  An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4.
  Affected versions: >= 5.9.4, < 5.9.5

MEDIUM 5.4  An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4.
  Affected versions: >= 5.9.4, < 5.9.5

MEDIUM 5.3  A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4.
  Affected versions: >= 5.9.4, < 5.9.5

MEDIUM 4.9  Ghost vulnerable to arbitrary file read via symlinks in content import
  Affected versions: from 0, < 5.59.1

(no severity/score listed)  Ghost has SSRF via External Media Inliner
  Affected versions: >= 5.38.0, < 5.130.6; >= 6.0.0, < 6.11.0

(no severity/score listed)  Ghost vulnerable to Server Side Request Forgery (SSRF) via oEmbed Bookmark
  Affected versions: >= 5.99.0, < 5.130.5; >= 6.0.0, < 6.0.9