Vulnerabilities > Keystonejs > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-03 | CVE-2022-39382 | Injection vulnerability in Keystonejs Keystone 3.0.0/3.0.1. Keystone is a headless CMS for Node.js — built with GraphQL and React. `@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code, irrespective of your environment variables. | 9.8 |
2022-10-25 | CVE-2022-39322 | Incorrect Authorization vulnerability in Keystonejs Keystone 2.2.0/2.3.0. `@keystone-6/core` is a core package for Keystone 6, a content management system for Node.js. | 9.8 |
2022-05-16 | CVE-2022-29354 | Unrestricted Upload of File with Dangerous Type vulnerability in Keystonejs Keystone 4.2.1. An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. | 9.8 |