Package impact
npm / @keystone-6/core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33326 | medium | 4.3 | 4.3 | | | | 2mo ago | @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix) |
| CVE-2025-46720 | unknown | — | — | | | | 1y ago | Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields |
| CVE-2023-40027 | unknown | — | — | | | | 3y ago | When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible |
| CVE-2022-39382 | unknown | — | — | | | | 4y ago | @keystone-6/core's NODE_ENV defaults to development with esbuild |
| CVE-2022-39322 | unknown | — | — | | | | 4y ago | Field-level access-control bypass for multiselect field |