Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Ghost

Fiercely independent, professional publishing
Collective - Host: opensource - https://opencollective.com/ghost - Website: https://ghost.org - Code: https://github.com/tryghost

Moderate

Ghost: GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D

Ghost's improper authentication allows access to member information and actions
Ecosystems: npm
Packages: @tryghost/portal, ghost
Source: github
Published: 5 months ago

Moderate

Ghost: GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7

Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: github
Published: 12 months ago

Moderate

Ghost: GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG

Cross-site Scripting in Ghost
Ecosystems: npm
Packages: ghost
Source: github
Published: about 1 year ago

Moderate

Ghost: GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk

Ghost vulnerable to arbitrary file read via symlinks in content import
Ecosystems: npm
Packages: ghost
Source: github
Published: over 1 year ago

High

Ghost: GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS

Path Traversal in Ghost
Ecosystems: npm
Packages: ghost
Source: github
Published: over 1 year ago

High

Ghost: GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw

Ghost vulnerable to information disclosure of private API fields
Ecosystems: npm
Packages: ghost
Source: github
Published: over 1 year ago

High

node-sqlite3: GSA_kwCzR0hTQS1qcXY1LTd4cHgtcWo3NM4AAyEw

sqlite vulnerable to code execution due to Object coercion
Ecosystems: npm
Packages: sqlite3
Source: github
Published: almost 2 years ago

High

Ghost: GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB

ghost vulnerable to unauthorized newsletter modification via improper access controls
Ecosystems: npm
Packages: ghost
Source: github
Published: about 2 years ago

Moderate

Ghost: GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH

Ghost vulnerable to remote code execution in locale setting change
Ecosystems: npm
Packages: ghost
Source: github
Published: over 2 years ago

High

node-sqlite3: GSA_kwCzR0hTQS05cXJoLXFqbWMtNXcycM1BjA

Denial-of-Service when binding invalid parameters in sqlite3
Ecosystems: npm
Packages: sqlite3
Source: github
Published: over 2 years ago

Critical

Ghost: GSA_kwCzR0hTQS1mZmhxLWc4NTYtOWYycM06-g

Arbitrary file upload in Ghost
Ecosystems: npm
Packages: ghost
Source: github
Published: almost 3 years ago

Moderate

Ghost: GSA_kwCzR0hTQS02NXA3LXBqajgtZ2dtcs0V-w

Member account takeover
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago

Moderate

Ghost: GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g

Remote command injection when using sendmail email transport
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago

Moderate

Ghost: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1YzItaG00Ni13cDVj

Privilege escalation: all users can access Admin-level API keys
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago

Moderate

express-hbs: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3eHAtaHd3Zi02NTN2

Insecure template handling in express-hbs
Ecosystems: npm
Packages: express-hbs
Source: github
Published: over 3 years ago

Moderate

Ghost: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZ3gtcTI1aC1qeHJn

DOM XSS in Theme Preview
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago