VYPR

npm package

@tryghost/portal

pkg:npm/%40tryghost/portal

Vulnerabilities (2)

  • CVE-2026-24778Jan 27, 2026
    affected >= 2.29.1, < 2.51.5fixed 2.51.5

    Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permission

  • CVE-2024-43409Aug 20, 2024
    affected >= 1.22.2, < 2.39.0fixed 2.39.0

    Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a