@kids-reporter/cms-core (>=1.0.17 <=1.0.32), @kids-reporter/draft-editor (>=1.0.19 <=1.0.32) potentially affected by CVE-2025-46720 +1 more via @keystone-6/core (=6.5.1)

@keystone-6/core NPM version =6.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @keystone-6/core and may be impacted: - @kids-reporter/cms-core =1.0.17, =1.0.19, =1.0.32 Source cves: CVE-2025-46720, CVE-2026-33326 Source advisory:...

PT-2026-26483

Name of the Vulnerable Software and Affected Versions Keystone versions prior to 6.5.2 Description Keystone is a content management system for Node.js. An access control bypass exists in findMany queries through the cursor parameter. Specifically, the field.isFilterable access control can be...

@beemstream/keystone-document-gallery (>=2.0.0 <=2.0.6), @murz/keystone-field-nested-set (=4.0.1-1) +7 more potentially affected by unknown CVE via @keystone-6/core (>=1.1.1 <=5.2.0)

@keystone-6/core NPM version =1.1.1, =2.0.0, =2.1.0, =1.0.0, =6.0.21, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.2.0 Source cves: unknown CVE Source advisory: OSV:GHSA-5FP6-4XW3-XQQ3...

PT-2022-24942 · Unknown · @Keystone-6/Core

Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions 3.0.0 through 3.0.1 Description: The issue arises when NODE ENV is inlined to "development" for user code, regardless of the environment variables. This affects users who use NODE ENV to trigger security-sensitive...