Tryghost Ghost
13 CVEs affecting Tryghost Ghost. Latest disclosed: 2026-03-07. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-26980 | Critical | 9.4 | 2026-02-20 | Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This… |
| CVE-2026-24778 | High | 8.8 | 2026-01-27 | Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious… |
| CVE-2026-22595 | High | 8.1 | 2026-01-10 | Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token… |
| CVE-2026-22594 | High | 8.1 | 2026-01-10 | Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows sta… |
| CVE-2026-29053 | High | 7.7 | 2026-03-05 | Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server runn… |
| CVE-2026-29784 | High | 7.5 | 2026-03-07 | Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs i… |
| CVE-2023-31133 | High | 7.5 | 2023-05-08 | Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to vers… |
| CVE-2021-29484 | Medium | 6.8 | 2021-04-29 | Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. At… |
| CVE-2026-22596 | Medium | 6.7 | 2026-01-10 | Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/… |
| CVE-2024-43409 | Medium | 6.5 | 2024-08-20 | Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only… |
| CVE-2021-39192 | Medium | 6.5 | 2021-09-03 | Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated us… |
| CVE-2023-40028 | Medium | 4.9 | 2023-08-15 | Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files tha… |
| CVE-2026-22597 | Low | 2.7 | 2026-01-10 | Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism a… |