@tryghost/portal
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @tryghost/portalpage 1 of 1
- CVE-2024-43409MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.39.02024-08-20
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. This security vulnerability is present in …
- CVE-2026-24778HIGHCVSS 8.8EG 8.8✓ Fixed in 2.57.12026-01-27
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execut…
Check whether @tryghost/portal is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @tryghost/portal CVEs against the assets you own.
Start Free Scan →