Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

TryGhost — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting TryGhost. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TryGhost is an open-source publishing platform focused on creating professional blogs and websites. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 14 CVEs documented. The platform's modular architecture with themes and apps introduces potential attack surfaces. Notable security characteristics include its Node.js backend and emphasis on performance, though past incidents have involved authentication bypass flaws and insecure default configurations. Security researchers have identified issues related to improper input validation and insufficient access controls, highlighting the importance of regular updates and hardening for production deployments.

Found 13 results / 14Clear Filters
Top products by TryGhost: Ghost express-hbs
CVE IDTitleCVSSSeverityPublished
CVE-2026-29784 Ghost: Incomplete CSRF protections around OTC use — GhostCWE-352 7.5 High2026-03-07
CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes — GhostCWE-74 7.7 High2026-03-05
CVE-2026-26980 Ghost has a SQL Injection in its Content API — GhostCWE-89 9.4 Critical2026-02-20
CVE-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links — GhostCWE-79 8.8 High2026-01-27
CVE-2026-22597 Ghost has SSRF via External Media Inliner — GhostCWE-918 6.5 -2026-01-10
CVE-2026-22596 Ghost has SQL Injection in Members Activity Feed — GhostCWE-89 6.7 Medium2026-01-10
CVE-2026-22595 Ghost has Staff Token permission bypass — GhostCWE-863 8.1 High2026-01-10
CVE-2026-22594 Ghost has Staff 2FA bypass — GhostCWE-287 8.1 High2026-01-10
CVE-2024-43409 Ghost's improper authentication allows access to member information and actions — GhostCWE-284 6.5 Medium2024-08-20
CVE-2023-40028 Arbitrary file read via symlinks in Ghost — GhostCWE-22 4.9 Medium2023-08-15
CVE-2023-31133 Ghost vulnerable to disclosure of private API fields — GhostCWE-200 7.5 High2023-05-08
CVE-2021-39192 Privilege escalation: all users can access Admin-level API keys — GhostCWE-200 6.5 Medium2021-09-03
CVE-2021-29484 DOM XSS in Theme Preview — GhostCWE-79 6.8 Medium2021-04-29

This page lists every published CVE security advisory associated with TryGhost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.