Ghost
This hub aggregates every CVE we track for Ghost, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
40
CVEs tracked
6
Critical
11
High
0
In CISA KEV
Severity distribution
MEDIUM22HIGH11CRITICAL6LOW1
Monthly trend
1
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
5
2
2
0
0
8
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Ghost.
- CVE-2026-53943Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header9.6
- CVE-2026-53944Ghost: Private IP filtering bypass to make server-side requests to internal services5.8
- CVE-2026-53945Ghost: Server-side request forgery via DNS rebinding in external request handling4.0
- CVE-2026-53946Ghost: Mobiledoc image-size fetch SSRF5.4
- CVE-2026-53947Ghost: Member existence leak via magic link sign-in response5.3
- CVE-2026-53948Ghost: File Upload Content-Type Spoofing5.4
- CVE-2026-53949Ghost Content API filter bypass reveals private fields5.3
- CVE-2026-53950@tryghost/activitypub: XSS in Ghost's ActivityPub client7.5
- CVE-2026-29784Ghost: Incomplete CSRF protections around OTC use7.5
- CVE-2026-29053Ghost Vulnerable to Remote Code Execution via Malicious Themes7.6
- CVE-2026-26365Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" co...4.0
- CVE-2026-26980Ghost has a SQL Injection in its Content API9.4
- CVE-2026-24778Ghost vulnerable to XSS via malicious Portal preview links8.8
- CVE-2026-22597Ghost has SSRF via External Media Inliner2.7
- CVE-2026-22596Ghost has SQL Injection in Members Activity Feed6.7
Product normalization is registry-driven with AI assist and human review. How it works