Vulnerabilities > Ghost > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-08 | CVE-2023-31133 | Unspecified vulnerability in Ghost Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. | 7.5 |
| 2023-05-05 | CVE-2023-32235 | Path Traversal vulnerability in Ghost Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. | 7.5 |
| 2022-05-01 | CVE-2022-21227 | Unspecified vulnerability in Ghost Sqlite3 The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. | 7.5 |
| 2021-09-03 | CVE-2021-39192 | Improper Privilege Management vulnerability in Ghost Ghost is a Node.js content management system. | 7.2 |
| 2020-03-20 | CVE-2020-8134 | Server-Side Request Forgery (SSRF) vulnerability in Ghost Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. | 8.1 |