Every CVE whose affected-product data names Keystonejs Keystone, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2022-29354 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a…
CVE-2022-39322 — CVSS 9.1 (critical): @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Starting with version 2.2.0 and prior to…
CVE-2017-15879 — CVSS 8.8 (high): CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in…
CVE-2017-16570 — CVSS 8.8 (high): KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number…
CVE-2015-9240 — CVSS 7.5 (high): Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be…
CVE-2023-34247 — CVSS 6.1 (medium): Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior…
CVE-2017-15878 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the…
CVE-2022-0087 — CVSS 6.1 (medium): keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15881 — CVSS 4.8 (medium): Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web…
CVE-2026-33326 — CVSS 4.3 (medium): Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in…
CVE-2023-40027 — CVSS 3.7 (low): Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the…
CVE-2025-46720 — CVSS 3.1 (low): Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in…