Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/TryGhost/Ghost

Independent technology for modern publishing, memberships, subscriptions and newsletters.
https://github.com/TryGhost/Ghost

Moderate
GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D
Ghost's improper authentication allows access to member information and actions
Ecosystems: npm
Packages: @tryghost/portal, ghost
Source: github
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: github
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG
Cross-site Scripting in Ghost
Ecosystems: npm
Packages: ghost
Source: github
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk
Ghost vulnerable to arbitrary file read via symlinks in content import
Ecosystems: npm
Packages: ghost
Source: github
Published: over 1 year ago
High
GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS
Path Traversal in Ghost
Ecosystems: npm
Packages: ghost
Source: github
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw
Ghost vulnerable to information disclosure of private API fields
Ecosystems: npm
Packages: ghost
Source: github
Published: over 1 year ago
High
GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB
ghost vulnerable to unauthorized newsletter modification via improper access controls
Ecosystems: npm
Packages: ghost
Source: github
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH
Ghost vulnerable to remote code execution in locale setting change
Ecosystems: npm
Packages: ghost
Source: github
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mZmhxLWc4NTYtOWYycM06-g
Arbitrary file upload in Ghost
Ecosystems: npm
Packages: ghost
Source: github
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NXA3LXBqajgtZ2dtcs0V-w
Member account takeover
Ecosystems: npm
Packages: ghost
Source: github
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g
Remote command injection when using sendmail email transport
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1YzItaG00Ni13cDVj
Privilege escalation: all users can access Admin-level API keys
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZ3gtcTI1aC1qeHJn
DOM XSS in Theme Preview
Ecosystems: npm
Packages: ghost
Source: github
Published: over 3 years ago