ghost vulnerabilities and CVE list (33)

Product (CPE): — CVE count: 33

ghost vulnerability overview

Aggregated CVE and security-vulnerability intelligence for every product matching "ghost", including CVSS, EPSS, publication dates and related vulnerability-intelligence data.

The weakness patterns in this list include SSRF, SQL injection, CSRF, stored and reflected XSS, directory traversal, authentication and 2FA bypass, rate-limit bypass, CSV injection and symlink-based arbitrary file read. In deployment and production use these can lead to data disclosure, account takeover and application crashes; the memory-corruption entries belong to the SQLite-related records rather than to the Ghost CMS itself.

The vulnerability data come mainly from public disclosures and vendor security advisories and can be used to assess historical exposure and to prioritize patching. Because the match is on the product string, the list also includes Ghost Foundation's node-sqlite3 binding (CVE-2022-43441) and an SQLite3 buffer overflow (CVE-2020-24736), which are not vulnerabilities in the Ghost CMS.

Vulnerability distribution trend (last 24 months): the chart from the source page is not reproduced here.
Columns on the source page: CVE, summary, source, highest CVSS, EPSS %, publication date, update date. This page shows the first 20 of the 33 entries (page 1 of 2 on the source site). Each entry below is an ID line (highest CVSS, EPSS, published, updated) followed by the summary; the source column is masked as [email protected] on the page and is omitted.

CVE-2026-29784 | max CVSS 7.5 | EPSS 0.02% | published 2026-03-07 | updated 2026-03-09
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. This issue has been patched in version 6.19.3.

CVE-2026-29053 | max CVSS 7.6 | EPSS 0.03% | published 2026-03-05 | updated 2026-03-09
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.

CVE-2026-26980 | max CVSS 9.4 | EPSS 56.66% | published 2026-02-20 | updated 2026-05-26
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

CVE-2026-24778 | max CVSS 8.8 | EPSS 0.04% | published 2026-01-27 | updated 2026-02-02
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Ghost Portal versions 2.29.1 through 2.51.4 and 2.52.0 through 2.57.0 were vulnerable to this issue. Ghost automatically loads the latest patch of the members Portal component (summary truncated on the source page)

CVE-2026-22597 | max CVSS 5.1 | EPSS 0.03% | published 2026-01-10 | updated 2026-04-29
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2026-22596 | max CVSS 6.7 | EPSS 0.06% | published 2026-01-10 | updated 2026-01-15
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2026-22595 | max CVSS 8.1 | EPSS 0.03% | published 2026-01-10 | updated 2026-01-15
Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2026-22594 | max CVSS 8.1 | EPSS 0.03% | published 2026-01-10 | updated 2026-01-15
Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0.

CVE-2025-9862 | max CVSS 6.1 | EPSS 0.02% | published 2025-09-17 | updated 2026-02-24
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.

CVE-2024-43409 | max CVSS 6.5 | EPSS 0.45% | published 2024-08-20 | updated 2024-08-26
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in Ghost v4.46.0-v5.89.4. v5.89.5 contains a fix for this issue.

CVE-2024-34451 | max CVSS 9.1 | EPSS 0.69% | published 2024-06-16 | updated 2025-06-20
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
CVE-2024-34448 | max CVSS 8.8 | EPSS 0.17% | published 2024-05-22 | updated 2025-04-18
Ghost before 5.82.0 allows CSV Injection during a member CSV export.
CVE-2024-23724 | max CVSS 9.0 | EPSS 38.38% | published 2024-02-11 | updated 2024-11-21
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."

CVE-2024-23725 | max CVSS 6.1 | EPSS 0.09% | published 2024-01-21 | updated 2025-05-30
Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.

CVE-2023-40028 | max CVSS 4.9 | EPSS 77.61% | published 2023-08-15 | updated 2024-11-21
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known w (summary truncated on the source page)
CVE-2023-31133 | max CVSS 7.5 | EPSS 7.17% | published 2023-05-08 | updated 2024-11-21
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a (summary truncated on the source page)

CVE-2023-32235 | max CVSS 7.5 | EPSS 94.09% | published 2023-05-05 | updated 2025-01-29
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F directory traversal. This occurs in frontend/web/middleware/static-theme.js.
CVE-2020-24736 | max CVSS 5.5 | EPSS 0.04% | published 2023-04-11 | updated 2025-02-11
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script.

CVE-2022-43441 | max CVSS 8.1 | EPSS 6.85% | published 2023-03-16 | updated 2024-11-21
A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability.

CVE-2023-26510 | max CVSS 5.7 | EPSS 0.29% | published 2023-03-05 | updated 2024-11-21
Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.
cvelogic Threat Intelligence