Known Vulnerabilities for products from Keystonejs
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Keystonejs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33326 json | Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypas... | Not Provided | 2026-03-24 | 2026-05-04 |
| CVE-2023-40027 json | Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `un... | 5.3 - MEDIUM | 2023-08-15 | 2023-08-23 |
| CVE-2023-34247 json | Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0... | 4.1 - MEDIUM | 2023-06-13 | 2023-06-23 |
| CVE-2022-39382 json | Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/[email protected] || 3.0.1` users that use `NOD... | 9.8 - CRITICAL | 2022-11-03 | 2022-11-04 |
| CVE-2022-39322 json | @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and p... | 9.8 - CRITICAL | 2022-10-25 | 2022-10-28 |
| CVE-2022-29354 json | An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary cod... | 9.8 - CRITICAL | 2022-05-16 | 2022-05-24 |
| CVE-2022-0087 json | keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 - MEDIUM | 2022-01-12 | 2022-01-18 |
| CVE-2021-32624 json | Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered... | 5.3 - MEDIUM | 2021-05-24 | 2021-05-28 |
| CVE-2017-16570 json | KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7... | Not Provided | 2017-11-06 | 2025-04-20 |
| CVE-2017-15881 json | Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arb... | Not Provided | 2017-10-24 | 2025-04-20 |
| CVE-2017-15879 json | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData... | Not Provided | 2017-10-24 | 2025-04-20 |
| CVE-2017-15878 json | A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 ... | Not Provided | 2017-10-24 | 2025-04-20 |
| CVE-2015-9240 json | Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses c... | 7.5 - HIGH | 2018-05-29 | 2018-07-20 |
Known software with vulnerabilities from Keystonejs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Keystonejs | Keystone | 0.0.10 |