npm package
@tryghost/portal
pkg:npm/%40tryghost/portal
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24778 | — | >= 2.29.1, < 2.51.5 | 2.51.5 | Jan 27, 2026 | Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permission | ||
| CVE-2024-43409 | — | >= 1.22.2, < 2.39.0 | 2.39.0 | Aug 20, 2024 | Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a |
- CVE-2026-24778Jan 27, 2026affected >= 2.29.1, < 2.51.5fixed 2.51.5
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permission
- CVE-2024-43409Aug 20, 2024affected >= 1.22.2, < 2.39.0fixed 2.39.0
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a