Browse all 8 CVE security advisories affecting keystonejs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
KeystoneJS is an open-source Node.js CMS and headless framework for building web applications and content management systems. Historically, it has been affected by vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, with eight CVEs recorded. Security characteristics include its Express-based architecture and customizable admin UI. Notable incidents include a 2021 RCE vulnerability (CVE-2021-22883) allowing arbitrary code execution through crafted API requests, and a 2019 XSS flaw (CVE-2019-5429) in the admin panel. The framework requires careful configuration to mitigate risks, particularly around user input handling and access control.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-0087 | Cross-site Scripting (XSS) - Reflected in keystonejs/keystone — keystonejs/keystone (CWE-79) | 6.1 | - | 2022-01-11 |
This page lists every published CVE security advisory associated with keystonejs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.