Browse all 14 CVE security advisories affecting TryGhost. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TryGhost is an open-source publishing platform focused on creating professional blogs and websites. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 14 CVEs documented. The platform's modular architecture with themes and apps introduces potential attack surfaces. Notable security characteristics include its Node.js backend and emphasis on performance, though past incidents have involved authentication bypass flaws and insecure default configurations. Security researchers have identified issues related to improper input validation and insufficient access controls, highlighting the importance of regular updates and hardening for production deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-32817 | File disclosure in express-hbs — express-hbsCWE-200 | 5.4 | Medium | 2021-05-14 |
This page lists every published CVE security advisory associated with TryGhost. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.