@tryghost/portal (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @tryghost/portal, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2026-24778 — CVSS 8.8 (high): Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able…
CVE-2024-43409 — CVSS 6.5 (medium): Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to…