Keystonejs
Products
1- Keystone14 CVEsnpm
Recent CVEs
14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15879 | Hig | 0.61 | 8.8 | 0.07 | Oct 24, 2017 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | ||
| CVE-2017-16570 | Hig | 0.60 | 8.8 | 0.02 | Nov 6, 2017 | KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. | ||
| CVE-2017-15878 | Med | 0.43 | 6.1 | 0.03 | Oct 24, 2017 | A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. | ||
| CVE-2017-15881 | Med | 0.31 | 4.8 | 0.01 | Oct 24, 2017 | Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878. | ||
| CVE-2026-10802 | Med | 0.21 | 4.3 | 0.00 | Jun 4, 2026 | A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible… | ||
| CVE-2026-33326 | Med | 0.21 | 4.3 | 0.00 | Mar 24, 2026 | Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720… | ||
| CVE-2025-46720 | 0.00 | — | 0.00 | May 5, 2025 | Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of… | |||
| CVE-2023-40027 | 0.00 | — | 0.00 | Aug 15, 2023 | Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI… | |||
| CVE-2023-34247 | 0.00 | — | 0.00 | Jun 13, 2023 | Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be… | |||
| CVE-2022-39382 | 0.00 | — | 0.01 | Nov 3, 2022 | Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code,… | |||
| CVE-2022-39322 | 0.00 | — | 0.01 | Oct 25, 2022 | @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their… | |||
| CVE-2022-2447 | 0.00 | — | 0.01 | Sep 1, 2022 | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than… | |||
| CVE-2022-0087 | 0.00 | — | 0.03 | Jan 11, 2022 | keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||
| CVE-2021-32624 | 0.00 | — | 0.01 | May 24, 2021 | Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an… |
- risk 0.61cvss 8.8epss 0.07
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
- risk 0.60cvss 8.8epss 0.02
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
- risk 0.43cvss 6.1epss 0.03
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
- risk 0.31cvss 4.8epss 0.01
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
- risk 0.21cvss 4.3epss 0.00
A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible…
- risk 0.21cvss 4.3epss 0.00
Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720…
- CVE-2025-46720May 5, 2025risk 0.00cvss —epss 0.00
Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of…
- CVE-2023-40027Aug 15, 2023risk 0.00cvss —epss 0.00
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI…
- CVE-2023-34247Jun 13, 2023risk 0.00cvss —epss 0.00
Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be…
- CVE-2022-39382Nov 3, 2022risk 0.00cvss —epss 0.01
Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code,…
- CVE-2022-39322Oct 25, 2022risk 0.00cvss —epss 0.01
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to version 2.3.1, users who expected their `multiselect` fields to use the field-level access control - if configured - are vulnerable to their…
- CVE-2022-2447Sep 1, 2022risk 0.00cvss —epss 0.01
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than…
- CVE-2022-0087Jan 11, 2022risk 0.00cvss —epss 0.03
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-32624May 24, 2021risk 0.00cvss —epss 0.01
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an…