Package impact
NPM / apostrophe
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35569 | high | 8.7 | 8.7 | | | | 1mo ago | Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS |
| CVE-2026-45011 | high | — | 8.0 | | | | 15d ago | Apostrophe has stored XSS via javascript: URL in Image Widget Link |
| CVE-2026-45013 | high | — | 8.0 | | | | 15d ago | Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation |
| CVE-2026-45012 | high | — | 8.0 | | | | 15d ago | Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget |