
apostrophe

9 known vulnerabilities · 1 critical · 0 high

GHSA-855c-r2vq-c292

Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS

Published Apr 16, 2026
GHSA-c276-fj82-f2pq

ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions

Published Apr 16, 2026
CVE-2021-25979 · CRITICAL

Apostrophe CMS Insufficient Session Expiration vulnerability

Published Nov 10, 2021
GHSA-mj7r-x3h3-7rmr

ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

Published Apr 16, 2026
CVE-2026-32730

ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware

Published Mar 18, 2026
CVE-2021-25978 · MEDIUM

Cross-site Scripting in apostrophe

Published Nov 10, 2021
GHSA-97v6-998m-fp4g

ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context

Published Apr 16, 2026
GHSA-xhq9-58fw-859p

ApostropheCMS: publicApiProjection Bypass via project Query Builder in Piece-Type REST API

Published Apr 16, 2026
CVE-2026-32731

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Published Mar 18, 2026