Known Vulnerabilities for products from Ghost
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ghost".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39484 | | Not Provided | 2026-04-08 | 2026-04-14 |
| CVE-2025-53567 | | Not Provided | 2025-08-20 | 2026-04-01 |
| CVE-2025-26909 | | Not Provided | 2025-03-27 | 2026-04-01 |
| CVE-2024-23725 | | 6.1 - MEDIUM | 2024-01-21 | 2024-01-29 |
| CVE-2023-40028 | Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authe... | 6.5 - MEDIUM | 2023-08-15 | 2023-08-23 |
| CVE-2023-32235 | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2... | 7.5 - HIGH | 2023-05-05 | 2023-05-11 |
| CVE-2023-31133 | Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subsc... | 7.5 - HIGH | 2023-05-08 | 2023-05-15 |
| CVE-2023-26510 | Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent wi... | 5.7 - MEDIUM | 2023-03-05 | 2023-03-09 |
| CVE-2022-47197 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installa... | 5.4 - MEDIUM | 2023-01-19 | 2023-01-27 |
| CVE-2022-47196 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installa... | 5.4 - MEDIUM | 2023-01-19 | 2023-06-23 |
| CVE-2022-47195 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installa... | 5.4 - MEDIUM | 2023-01-19 | 2023-01-27 |
| CVE-2022-47194 | An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installa... | 5.4 - MEDIUM | 2023-01-19 | 2023-06-27 |
| CVE-2022-43441 | A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A speci... | 9.8 - CRITICAL | 2023-03-16 | 2023-03-22 |
| CVE-2022-41697 | A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP ... | 5.3 - MEDIUM | 2022-12-22 | 2022-12-29 |
| CVE-2022-41654 | An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A... | 4.3 - MEDIUM | 2022-12-22 | 2022-12-29 |
| CVE-2022-28397 | ** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to exec... | 9.8 - CRITICAL | 2022-04-12 | 2023-11-07 |
| CVE-2022-27139 | ** DISPUTED ** An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute ... | 9.8 - CRITICAL | 2022-04-12 | 2023-11-07 |
| CVE-2022-21227 | The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the pas... | 7.5 - HIGH | 2022-05-01 | 2022-05-11 |
| CVE-2022-4537 | | Not Provided | 2023-05-09 | 2026-04-08 |
| CVE-2021-39192 | Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and... | 7.2 - HIGH | 2021-09-03 | 2021-09-10 |
Known software with vulnerabilities from Ghost
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ghost | Ghost | - |